ON SINGULAR MODULI FOR ARBITRARY DISCRIMINANTS 



KRISTIN LAUTER AND BIANCA VIRAY 

Abstract. Let $d_1$ and $d_2$ be discriminants of quadratic imaginary orders and let $J(d_1, d_2)$ denote the product of differences of CM $j$-invariants with discriminants $d_1$ and $d_2$. In 1985, Gross and Zagier gave an elegant formula for the factorization of the integer $J(d_1, d_2)$ in the case that $d_1$ and $d_2$ are relatively prime and discriminants of maximal orders. We generalize their methods and give a complete factorization in the case that $d_1$ is squarefree and $d_2$ is any discriminant. We also give a partial factorization in all other cases, and give a conjectural formula when the conductors of $d_1$ and $d_2$ are relatively prime.



1. Introduction 

Let $d_1$ and $d_2$ be discriminants of distinct quadratic imaginary orders and write

$$J(d_1, d_2) := \prod_{\substack{[\tau_1], [\tau_2] \\ \operatorname{disc} \tau_i = d_i}} \bigl(j(\tau_1) - j(\tau_2)\bigr),$$

where $[\tau_i]$ runs over all elements of the upper half-plane with discriminant $d_i$ modulo $\mathrm{SL}_2(\mathbb{Z})$. In 1985, under the assumption that $d_1$ and $d_2$ are relatively prime and discriminants of maximal orders, Gross and Zagier showed that $J(d_1, d_2)^{8/(w_1 w_2)}$ is an integer and gave an elegant formula for its factorization.

Theorem. [GZ85, Thm. 1.3] Let $d_1$ and $d_2$ be two relatively prime fundamental discriminants of imaginary quadratic fields. For any prime $p$ dividing a positive integer of the form $d_1 d_2 - x^2$, choose $i$ such that $p \nmid d_i$ and define $\epsilon(p) =$ and extend the definition of $\epsilon$ by multiplicativity. Then

$$J(d_1, d_2)^{8/(w_1 w_2)} = \pm \prod_{\substack{x \in \mathbb{Z},\ x^2 < d_1 d_2 \\ x \equiv d_1 d_2 \bmod 2}} F\left(\frac{d_1 d_2 - x^2}{4}\right),$$

where $F(m) = \prod_{n \mid m,\ n > 0} n^{\epsilon(m/n)}$ and $w_i$ denotes the number of roots of unity in the quadratic imaginary order of discriminant $d_i$.

While it is not obvious from the definition, $F(m)$ is a non-negative power of a single prime. More precisely, $F(m)$ is a non-trivial power of $\ell$ if $\ell$ is the unique prime such that $v_\ell(m)$ is odd and $\epsilon(\ell) = -1$, and $F(m) = 1$ otherwise. This fact gives a particularly nice corollary, which can be thought of as saying that $J(d_1, d_2)$ is "highly factorizable."
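The Gross-Zagier formula above can be checked numerically when both orders have class number one, since then $J(d_1, d_2)$ is a single difference of classical $j$-invariants and $w_1 = w_2 = 2$, so the exponent $8/(w_1 w_2)$ is 2. The following Python sketch is an added example, not code from the paper; it assumes $\epsilon(p)$ is the Kronecker symbol $(d_i/p)$ with $p \nmid d_i$, as in [GZ85, Thm. 1.3], and all function names are illustrative.

```python
from fractions import Fraction
from math import isqrt

# Classical j-invariants of class-number-one orders with w = 2 (assumed inputs).
J_INVARIANT = {
    -7: -3375, -8: 8000, -11: -32768, -19: -884736,
    -43: -884736000, -67: -147197952000, -163: -262537412640768000,
}

def factor(n):
    """Trial-division factorization of a positive integer: {prime: exponent}."""
    out, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            out[p] = out.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        out[n] = out.get(n, 0) + 1
    return out

def kronecker(a, p):
    """Kronecker symbol (a/p) for a prime p."""
    if p == 2:
        return 0 if a % 2 == 0 else (1 if a % 8 in (1, 7) else -1)
    r = pow(a % p, (p - 1) // 2, p)
    return -1 if r == p - 1 else r

def epsilon(n, d1, d2):
    """epsilon(n), extended multiplicatively from epsilon(p) = (d_i/p), p not dividing d_i."""
    value = 1
    for p, k in factor(n).items():
        d = d1 if d1 % p else d2          # pick the discriminant coprime to p
        value *= kronecker(d, p) ** k
    return value

def divisors(m):
    """All positive divisors of m."""
    divs = [1]
    for p, k in factor(m).items():
        divs = [q * p**e for q in divs for e in range(k + 1)]
    return divs

def F(m, d1, d2):
    """F(m) = product over n | m of n^epsilon(m/n), as an exact rational."""
    result = Fraction(1)
    for n in divisors(m):
        result *= Fraction(n) ** epsilon(m // n, d1, d2)
    return result

def gz_terms(d1, d2):
    """List of (x, m, F(m)) with x^2 < d1*d2, x = d1*d2 mod 2, m = (d1*d2 - x^2)/4."""
    D = d1 * d2
    bound = isqrt(D - 1)                  # largest |x| with x^2 < D
    terms = []
    for x in range(-bound, bound + 1):
        if (x - D) % 2 == 0:
            m = (D - x * x) // 4
            terms.append((x, m, F(m, d1, d2)))
    return terms

def gz_product(d1, d2):
    """Right-hand side of the formula (up to sign)."""
    prod = Fraction(1)
    for _, _, value in gz_terms(d1, d2):
        prod *= value
    return prod

def j_difference_squared(d1, d2):
    """Left-hand side J(d1, d2)^2 for class-number-one discriminants below -4."""
    return (J_INVARIANT[d1] - J_INVARIANT[d2]) ** 2

def is_prime_power(value):
    """True if value is a positive integer divisible by at most one prime."""
    return value.denominator == 1 and len(factor(value.numerator)) <= 1

if __name__ == "__main__":
    for d1, d2 in [(-7, -8), (-7, -11), (-8, -11), (-67, -163)]:
        lhs, rhs = j_difference_squared(d1, d2), gz_product(d1, d2)
        print(d1, d2, lhs == rhs, factor(lhs))
        for x, m, value in gz_terms(d1, d2):
            if x >= 0:
                print("   x =", x, " m =", m, " F(m) =", value)
```

For $d_1 = -7$, $d_2 = -8$ the individual values are $F(14) = 7^2$, $F(13) = 13$, $F(10) = 5^2$ and $F(5) = 5$, each a power of a single prime, and their product over all admissible $x$ is $(j(-7) - j(-8))^2 = 5^6 \cdot 7^2 \cdot 13^2$.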

2010 Mathematics Subject Classification. 11G15; 11G20. 

Key words and phrases. Singular moduli, supersingular elliptic curves, endomorphism rings.
The second author was partially supported by Microsoft Research, a Ford dissertation year fellowship, 
NSF grant DMS-1002933, and ICERM. 





Corollary. [GZ85, Cor. 1.6] Let $d_1$ and $d_2$ be two relatively prime fundamental discriminants. Assume that $\ell$ divides $J(d_1, d_2)$. Then $\left(\frac{d_1}{\ell}\right), \left(\frac{d_2}{\ell}\right) \neq 1$ and $\ell$ divides a positive integer of the form

In this paper, we determine to what extent such a formula holds for an arbitrary pair of 
discriminants. We note that the proof of [GZ85, Thm. 1.3] implicitly gives a mathematical 
interpretation of the quantities F(m). Their interpretation is quite natural, and any nice 
generalization of [GZ85, Thm. 1.3] to arbitrary discriminants should retain this property. 
(This will be explained in more detail in §2.) 

We prove that there is a generalization of F(m) such that the above equation holds, and 
that retains this property and many other nice properties of the original definition: 

Theorem 1.1. Let $d_1, d_2$ be any two distinct discriminants. Then there exists a function $F$ that takes non-negative integers of the form $\frac{d_1 d_2 - x^2}{4}$ to (possibly fractional) prime powers. This function satisfies

$$J(d_1, d_2)^{8/(w_1 w_2)} = \pm \prod_{\substack{x^2 < d_1 d_2 \\ x^2 \equiv d_1 d_2 \bmod 4}} F\left(\frac{d_1 d_2 - x^2}{4}\right).$$

Moreover, $F(m) = 1$ unless either (1) $m = 0$ and $d_2 = d_1 \ell^{2k}$ for some prime $\ell$ or (2) the Hilbert symbol $(d_1, -m)_\ell = -1$ at a unique finite prime $\ell$ and this prime divides $m$. In both of these cases $F(m)$ is a (possibly fractional) power of $\ell$.

Remark 1.2. In most cases, $F(m)$ is actually an integer prime power. In particular, it is an integer prime power if $m$ is coprime to the conductor of $d_1$ and at least one of $d_1$ or $d_2$ is odd. We explain this more in Theorem 1.5. However, fractional powers do appear. For instance, if $d_1 = -3$ and $d_2 = -12$, then $F(0) = 2^{1/3}$.

Theorem 1.1 easily implies a generalization of [GZ85, Cor 1.6] for all pairs of discriminants. 

Corollary 1.3. Let $d_1$ and $d_2$ be any two distinct discriminants. Assume that $\ell$ divides $J(d_1, d_2)$. Then either $d_2 = d_1 \ell^{2k}$ for some $k$, or $\ell$ divides a positive integer $m$ of the form $\frac{d_1 d_2 - x^2}{4}$ and the Hilbert symbol $(d_1, -m)_p = (d_2, -m)_p$ is nontrivial if and only if $p = \ell$. In particular, if $d_2 \neq d_1 \ell^{2k}$ then $\left(\frac{d_1}{\ell}\right), \left(\frac{d_2}{\ell}\right) \neq 1$.

Remark 1.4. The assumption that $d_2 \neq d_1 \ell^{2k}$ is, in fact, necessary to conclude that $\left(\frac{d_1}{\ell}\right), \left(\frac{d_2}{\ell}\right) \neq 1$. For example, 11 divides $J(-7, -7 \cdot 11^2)$ even though 11 is split in $\mathbb{Q}(\sqrt{-7})$.

From the proof of Theorem 1.1, we can also show that there is no extension of the definition of the quadratic character $\epsilon$ such that $F(m) = \prod_{n \mid m} n^{\epsilon(m/n)}$ for an arbitrary pair of discriminants, see §2, Example 2.3. We will instead generalize a different expression of $F(m)$ from [GZ85, Dor88]. If $-d_1$ is prime, $d_2$ is fundamental, and $\gcd(d_1, d_2) = 1$, then Gross and Zagier show that $v_\ell(F(m))$ can be expressed as a weighted sum of the number of integral ideals in of norm $m/\ell^r$ for $r > 0$. Dorman extended this work to the case that $d_1$ is squarefree, $d_2$ is fundamental, and $\gcd(d_1, d_2) = 1$. We derive an expression for $v_\ell(F(m))$ which holds in general for arbitrary $d_1$ and $d_2$, for primes $\ell > 2$ which are coprime to the conductor of $d_1$.

Theorem 1.5. Let $m$ be a non-negative integer of the form $\frac{d_1 d_2 - x^2}{4}$ and $\ell$ a fixed prime that is coprime to $\operatorname{cond}(d_1)$.

If $m > 0$ and either $\ell > 2$ or 2 does not ramify in both $\mathbb{Q}(\sqrt{d_1})$ and $\mathbb{Q}(\sqrt{d_2})$, then $v_\ell(F(m))$ can be expressed as a weighted sum of the number of certain invertible integral ideals in $\mathcal{O}_{d_1}$ of norm $m/\ell^r$ for $r > 0$. Moreover, if $m$ is coprime to the conductor of $d_1$, then $v_\ell(F(m))$ is an integer and the weights are easily computed and constant; more precisely we have

v (F(m)) = { ^ M E ^ %{m/n if 1 1 C ° nd(4) (1 2) 

n \p(m)Ql(m/£ 1+v ^ ond ^) if£|cond(d 2 ) ' 



where $e$ is the ramification degree of $\ell$ in $\mathbb{Q}(\sqrt{d_1})$ and
p(m) - 



if (di, — m) p = — 1 for p\di,p \ f\£ 

2#{p|(m,di):pt/2 or p=e} otherwise 



N(b) = N, b invertible, 
2l(iV)=#<( bCO dl : p\biov all p\(NJ 2 ),p\£d 1 

p 3 \ bfor aUplpKNJz^p^i 

If $m = 0$, then either $v_\ell(F(0)) = 0$ or $d_2 = d_1 \ell^{2k}$ and

$$v_\ell(F(0)) = \frac{2}{w_1} \# \operatorname{Pic}(\mathcal{O}_{d_1}).$$

Under the same assumptions as above, formula (1.2) has an equivalent formulation as a 
product of local factors, see Proposition 7.10 in §7. 

Corollary 1.6. Assume that $d_1$ is a squarefree discriminant. Then, for any quadratic imaginary discriminant $d_2 \neq d_1$ and any prime $\ell$



x 2 <did.2 
x 2 =d\d,2 mod 4 



v i (J(d 1 ,d 2 )^)=H + 1 ; K)2t K/^ (c ° nd(d2)) ) if^|cond(rf 2 ) (L3) 



where $m_x := \frac{d_1 d_2 - x^2}{4}$ and $H = 0$ unless $d_2 = d_1 \ell^{2k}$ for some $k > 0$, in which case H =
£-#Pfc(O0. 

In the general case, i.e., if $d_1$ is not fundamental, then (1.3) still holds if $\ell > 2$ is such that for all $x \equiv d_1 d_2 \bmod 2$, $x^2 < d_1 d_2$ we have

$$\gcd(m_x, \operatorname{cond}(d_1)) = 1 \quad \text{or} \quad (d_1, -m_x)_p = -1 \text{ for some } p \neq \ell.$$

We conjecture that Theorem 1.5 holds even in the case that $\ell = 2$ ramifies in both $\mathbb{Q}(\sqrt{d_1})$ and $\mathbb{Q}(\sqrt{d_2})$. However, the existence of multiple quadratic ramified extensions of causes difficulty in one of the steps of the proof, namely the proof of Proposition 8.1. It may be possible to get around this difficulty in our approach by a long and detailed case-by-case analysis. We did not undertake this analysis, and it would be interesting to determine a better method.

More generally, the local factor description of (1.2) that is given in §7 suggests a conjecture 
for any pairs of discriminants whose conductors are relatively prime. 

Conjecture 1.7. Let $d_1$ and $d_2$ be quadratic imaginary discriminants with relatively prime conductors. Write $f$ for the product of the two conductors and for any prime $p$, let $d_{(p)} \in \{d_1, d_2\}$ be such that $p \nmid \operatorname{cond}(d_{(p)})$. Then, for any prime $\ell$



v e (J(di,ds 



) 2 ) = H- 



x 2 <d 1 d 2 
x 2 =d\d,2 mod 4 



e £ (x) n 

p\m x ,p^£ 



l + v p (m) f^)=l,pt/, 



^f)=l,p\f, or 
p\d(p), (d(p), -m)p = l,p\f 
(t 1 ) = t /» V m ) even or 

pM(p)» ~ m )p = i.pl/^pH = 2 

otherwise, 



where $H$, $m_x$ are as above and

6i(x) = < 



v e (m x ) i££\f,£\di 

\(vi(m x ) + l) if t\ fd(p),vt(m) odd 

if £ | d(p), t^(m) even 

1 otherwise 



We verified this conjecture with Magma for all pairs of discriminants with relatively prime 
conductors and < 250. 

1.1. Related previous work. In 1989, Kaneko [Kan89] generalized part of [GZ85, Cor. 1.6] to arbitrary discriminants. More precisely, he proved that if $d_1$ and $d_2$ are arbitrary discriminants and $\ell$ is a prime dividing $J(d_1, d_2)$, then $\ell$ divides a positive integer of the form $\frac{1}{4}(d_1 d_2 - x^2)$. However, Kaneko did not obtain the stronger statement given in Corollary 1.3.



To the best of our knowledge, the only previous generalization of Theorem [GZ85, Thm. 1.3], conjectural or otherwise, was given in 1998 by Hutchinson. Hutchinson put forth conjectural extensions of the Gross-Zagier formula [Hut98] in the case that the gcd of $d_1$ and $d_2$ is supported at a single prime $p$ that does not divide either conductor. While his formulations are very different from ours, we checked, in many cases, that they agree.

One of the technical contributions of the present paper is a generalization of Dorman's 
theory of maximal orders in a quaternion algebra with an optimal embedding of a maximal 
imaginary quadratic order [Dor89]. We generalize this theory to include imaginary quadratic 
orders which are not maximal. The first author, together with Goren, generalized Dorman's 
work in a different direction, to higher-dimensional abelian varieties, by giving a description 
of certain orders in a quaternion algebra over a totally real field, with an optimal embedding 
of the maximal order of a CM number field [GL]. Since that work does not apply to optimal 
embeddings of non-maximal orders, it is neither weaker nor stronger than the generalization 
we give in this paper. 

Outline. We prove Theorem 1.1 in §2. The rest of the paper will focus on the proof of 
Theorem 1.5. In §3.1, we give a high-level overview of the whole proof and explain the 
differences between the general case and the cases treated in [GZ85, Dor88]. In §3.2 we 
explain how various propositions and theorems come together to prove Theorem 1.5, and 
point the reader to the individual sections where each proposition or theorem is proved. 

Notation. Throughout, $\ell$ will denote a fixed prime. By discriminant we mean a discriminant of a quadratic imaginary order. We say a discriminant is fundamental at a prime $p$ if the associated quadratic imaginary order is maximal at $p$, and we say a discriminant is fundamental if it is fundamental at all primes $p$.

For a discriminant $d$, we write $f$ for the conductor of $d$, and let $d$ denote $d\ell^{-2v_\ell(f)}$. Note that $d$ is fundamental at $\ell$. For most of the paper, we will concern ourselves with two fixed distinct discriminants $d_1, d_2$; in this case, the above quantities will be denoted $f_1, f_2$ and $d_1, d_2$ respectively. We write $s_i := v_\ell(f_i)$.

We denote quadratic imaginary orders by $\mathcal{O}$ and write for the quadratic imaginary order of discriminant $d$. We set $w_d := \#\mathcal{O}_d^\times$ and $w_d :=$ The notation $w_i$ will refer to the special case $d = d_i$. If $\ell$ is ramified in $\mathcal{O}$, then $\mathfrak{l}$ will denote the unique prime ideal in $\mathcal{O}$ lying above $\ell$. We write $\mathfrak{D}$ for the principal ideal generated by $\sqrt{d}$. In §5, we will give background on quadratic imaginary orders, and fix some more notation there.

Let $H_d$ denote the ring class field of $\mathcal{O}_d$, and let $H_i := H_{d_i}$. Let $\mu_i$ denote a prime of $\mathcal{O}_{H_i}$ lying over $\ell$. When $\ell \nmid f_i$, we let $W$ denote and let $\pi$ denote a uniformizer of $W$.

2. Proof of Theorem 1.1

By [ST68, §§5,6], there exists a number field $K$ such that, for every prime $q$ and every $[\tau]$ of fixed discriminant $d$, there exists an elliptic curve $E/\mathcal{O}_K$ with good reduction at all $\mathfrak{q} \mid q$ such that $j(E) = j(\tau)$. More specifically, we may take $K$ to be the ring class field of $\mathcal{O}_d$, unless $d = -3p^{2k}$ or $-4p^{2k}$ for some prime $p$ and positive integer $k$. In that case, we may assume that $K$ is a finite extension of the ring class field of $\mathcal{O}_d$ ramified at $p$.

For each $i$, let $L_i$ be the ring class field of $\mathcal{O}_{d_i}$, if $d_i \neq -3p^{2k}, -4p^{2k}$ for some prime $p$. If $d_i = -3p^{2k}$ or $-4p^{2k}$, let $L_i$ be a fixed finite Galois extension of the ring class field of such that the above properties hold. Let $L$ be the compositum of $L_1$ and $L_2$ and let $\mathcal{O}_L$ be the ring of integers. Then, by the discussion above, for every $[\tau_i]$ of discriminant $d_i$ and every prime $q$, there exists an elliptic curve $E/\mathcal{O}_L$ with good reduction at all $\mathfrak{q} \mid q$ such that $j(E) =$ ; we let $E(\tau_i)$ denote such an elliptic curve.

Fix a rational prime $\ell$ and a prime $\mu$ of $\mathcal{O}_L$ lying over $\ell$. Let $A$ be the ring of integers of $L_\mu^{\mathrm{nr}}$. Then, by [GZ85, Prop 2.3], we have

$$v_\mu\bigl(j(\tau_1) - j(\tau_2)\bigr) = \frac{1}{2} \sum_{n \geq 1} \# \operatorname{Isom}_{A/\mu^n}\bigl(E(\tau_1), E(\tau_2)\bigr)$$

for all $[\tau_i]$ of discriminant $d_i$. Write $E_i$ for $E(\tau_i)$. Since $\tau_i$ is an algebraic number of discriminant $d_i$, we have an isomorphism $\mathcal{O}_{d_i} \cong \operatorname{End}(E_i)$, and an embedding

$$\mathcal{O}_{d_i} \cong \operatorname{End}(E_i) \hookrightarrow \operatorname{End}_{A/\mu}(E_i).$$

For any $g \in \operatorname{Isom}_{A/\mu}(E_1, E_2)$ we obtain an isomorphism $\operatorname{End}_{A/\mu}(E_2) \cong \operatorname{End}_{A/\mu}(E_1)$ by conjugating by $g$. Thus we have an embedding (that depends on the choice of $g$) of $\mathcal{O}_{d_2} \hookrightarrow \operatorname{End}_{A/\mu}(E_1)$.

Definition 2.1. Let $\iota: \mathcal{O} \hookrightarrow R$ be a map of $\mathbb{Z}$-modules. We say this map is optimal at $p$ if

$$(\iota(\mathcal{O}) \otimes \mathbb{Q}_p) \cap R = \iota(\mathcal{O}),$$

where the intersection takes place inside of $R \otimes \mathbb{Q}_p$.

Proposition 2.2. Let $E$ be an elliptic curve over $A$ that has good reduction and that has CM by an order $\mathcal{O}$. Write $E_0$ for the reduction of $E$. Then the embedding

$$\operatorname{End}(E) \hookrightarrow \operatorname{End}(E_0)$$

is optimal at all primes $p \neq \ell$. It is optimal at $\ell$ if and only if $\mathcal{O}$ is maximal at $\ell$.

Proof. If $E$ has ordinary reduction, then this is a well-known result, see, for example [Lan87, §13, Thm. 12]. Assume that $E$ has supersingular reduction. We write $E_n$ for $E \bmod \mu^{n+1}$ and let $\varphi \in \operatorname{End}(E_0)$ be the image of a generator of $\mathcal{O}$. By [Vig80, Chap. II, Lemma 1.5] there is a unique maximal order in $\operatorname{End}(E_0) \otimes \mathbb{Q}_\ell$ which consists of all integral elements. Therefore, the order $(\operatorname{End}(E) \otimes \mathbb{Q}) \cap \operatorname{End}(E_0)$ must be maximal at $\ell$, and so the embedding $\operatorname{End}(E) \hookrightarrow \operatorname{End}(E_0)$ is optimal at $\ell$ if and only if $\operatorname{End}(E) = \mathcal{O}$ is maximal at $\ell$. By the Grothendieck existence theorem [Con04, Thm 3.4], we have that

$$\operatorname{End}(E) \to \varprojlim \operatorname{End}(E_n)$$

is a bijection. So to complete the proof, it suffices to show that $\operatorname{End}(E_0) \cap \mathbb{Q}(\varphi) \subseteq \operatorname{End}(E_n) \otimes \mathbb{Z}[1/\ell]$ for all $n > 0$. Let $\psi \in \operatorname{End}(E_0) \cap \mathbb{Q}(\varphi)$. We may write $\psi := \frac{1}{f\ell^k}(a + b\varphi)$ for some $a, b, f \in \mathbb{Z}$, $k \in \mathbb{Z}_{\geq 0}$, where $\ell \nmid f$. Since $\varphi \in \operatorname{im}(\operatorname{End}(E) \to \operatorname{End}(E_0))$, both $\varphi$ and $a + b\varphi$ are endomorphisms of $E_n$, and of $\Gamma_n$, the $\ell$-divisible group of $E_n$. The endomorphism ring $\operatorname{End}(\Gamma_n)$ is a $\mathbb{Z}_\ell$-module, so $\ell^k \psi = \frac{1}{f}(a + b\varphi)$ is in $\operatorname{End}(\Gamma_n)$. Thus, by Serre-Tate [Con04, Thm 3.3], $\psi \in \operatorname{End}(E_n) \otimes \mathbb{Z}[1/\ell]$. This completes the proof. □

This proposition shows that $\ell \mid J(d_1, d_2)$ only if there exists a $\tau_1$ such that there is an optimal embedding $\hookrightarrow \operatorname{End}_{A/\mu}(E(\tau_1))$. Given such an optimal embedding, we can consider the sub-order $R$ of $\operatorname{End}_{A/\mu}(E_1)$ that is generated by the images of and $\mathcal{O}_{d_2}$. A calculation shows that the discriminant of $R$ is $\left(\frac{d_1 d_2 - x^2}{4}\right)^2$, for some $x \in \mathbb{Z}$ with $x^2 < d_1 d_2$ and $d_1 d_2 \equiv x^2 \bmod 4$.

For any non-negative integer $m$ of the form $\frac{d_1 d_2 - x^2}{4}$, we define $F(m)$ to be the unique ideal in $\mathcal{O}_L$ such that for all rational primes $\ell$ and all primes $\mu \mid \ell$ in $\mathcal{O}_L$



where $R$ is the suborder of $\operatorname{End}_{A/\mu}(E(\tau_1))$ described above and $C = 1$ if $4m = d_1 d_2$ and $C = 2$ otherwise. (The presence of this $C$ scalar is to agree with the convention set in [GZ85]. Since Gross and Zagier take the product over $x$-values, for every $m \neq \frac{d_1 d_2}{4}$ the value $F(m)$ appears twice in the product, once from $x$ and once from $-x$.) From this definition and the previous discussion it is clear that



x 2 <d\ d.2 
v 2 =did,2 mod 4 



In addition, the condition defining $F(m)$ is Galois invariant, so $v_\mu(F(m)) = v_{\mu'}(F(m))$ for any $\mu, \mu'$ lying over the same prime $\ell$.

Assume that $F(m)$ is non-trivial. So there exists a prime $\ell$ and an elliptic curve $E/\overline{\mathbb{F}}_\ell$ with embeddings $\iota_i: \mathcal{O}_{d_i} \hookrightarrow \operatorname{End}(E)$ such that the images of $\iota_1$ and $\iota_2$ generate an order $R$ of discriminant $m^2$. The endomorphism ring $\operatorname{End}(E)$ is either an order in a quadratic imaginary field, or a maximal order in the quaternion algebra $B_{\ell,\infty}$ ramified only at $\ell$ and $\infty$ [Lan87, Chap. 13 §2]. Since a maximal order in a quaternion algebra has no suborders of rank 3, if $m = 0$, then $R$ must be a rank 2 $\mathbb{Z}$-module. Since is optimally embedded in $\operatorname{End}_{A/\mu}(E(\tau_1))$ this implies that $d_1 = d_2$, i.e. that $d_2 = d_1 \ell^{2k}$ for some $k \in \mathbb{Z}_{\neq 0}$.

Now consider the case when $m$ is nonzero. Then $R$ is rank 4, and thus $R \otimes_{\mathbb{Z}} \mathbb{Q}$ is $B_{\ell,\infty}$, the quaternion algebra ramified only at $\ell$ and $\infty$. A straightforward calculation, which does not depend on $\ell$, shows that



= c/i, j 2 = -m, ij = -ji i 2 = d 2 , j 2 = -m, ij = -ji 

Since this quaternion algebra is ramified only at $\ell$ and $\infty$, this implies that the Hilbert symbol $(d_1, -m)_p = (d_2, -m)_p = 1$ if and only if $p \neq \ell$. In addition, $\ell$ divides the reduced discriminant of any order in $B_{\ell,\infty}$, so $\ell \mid m$. Since $F(m)$ is a Galois invariant fixed ideal supported only at primes lying over $\ell$, we may consider $F(m)$ to be just a fractional power of $\ell$. This completes the proof of Theorem 1.1. □

Example 2.3. Assume that there is a quadratic character $\epsilon$ that is defined on every prime $p$ that divides a positive integer of the form $\frac{1}{4}(d_1 d_2 - x^2)$. In addition, we assume that if $p \nmid \gcd(d_1, d_2)$ and if $p \nmid f_1 f_2$, then $\epsilon(p)$ agrees with the definition in [GZ85, Thm. 1.3], and that

$$F(m) = \prod_{n \mid m,\ n > 0} n^{\epsilon(m/n)}, \quad \text{where } m = \frac{d_1 d_2 - x^2}{4}. \tag{2.1}$$

Consider the following example. Let $d_1 = -3 \cdot 7 \cdot 11$ and $d_2 = 5 d_1$. We will study the cases where $x^2 = 33^2$ and $99^2$, i.e. when $m = 3^2 \cdot 11^2 \cdot 61$ and $3^2 \cdot 11^2 \cdot 59$ respectively. Equation (2.1) shows that

$$v_3(F(3^2 11^2 61)) = v_3(F(3^2 11^2 59)) = (4 + 2\epsilon(3))(1 + \epsilon(11) + \epsilon(11)^2),$$
$$v_{11}(F(3^2 11^2 61)) = v_{11}(F(3^2 11^2 59)) = (4 + 2\epsilon(11))(1 + \epsilon(3) + \epsilon(3)^2),$$
$$v_{61}(F(3^2 11^2 61)) = v_{59}(F(3^2 11^2 59)) = (1 + \epsilon(3) + \epsilon(3)^2)(1 + \epsilon(11) + \epsilon(11)^2).$$

On the other hand, we can also calculate $F(m)$ using the results in the proof of Theorem 1.1. Theorem 1.1 implies that $F(3^2 11^2 61)$ is supported only at 3 and that $F(3^2 11^2 59)$ is supported only at 11. Moreover, the proof gives a method of determining whether $F(m)$ is a nontrivial power of 3, or 11 respectively, and the calculation shows that this is indeed the case. But the above expressions show that either 3 divides both $F(3^2 11^2 61)$ and $F(3^2 11^2 59)$, or it divides neither, which gives a contradiction.



3. Overview of proof of Theorem 1.5 

Henceforth, we fix a non-negative integer $m$ of the form and a prime $\ell$, and we assume that $\ell \nmid f_1$. We retain the notation fixed in §2. Recall from §2, that

v e (F(m)) = e W^) _1 ^r E E# if e ^o^A/A E (n),E(r 2 )) : disc( J R) = m 2 } . 

[n] n>\ 
disc(Ti)=di 

3.1. High-level strategy. As discussed in §2, an element $f \in \operatorname{Isom}_{A/\mu^n}$ gives rise to an embedding of $\mathcal{O}_{d_2} \hookrightarrow \operatorname{End}_{A/\mu^n}(E(\tau_1))$ that is optimal away from $\ell$. We first show that the problem of counting elements in $\bigcup_{\tau_2} \operatorname{Isom}_{A/\mu^n}(E(\tau_1), E(\tau_2))$ is equivalent to counting elements in $\operatorname{End}_{A/\mu^n}(E(\tau_1))$ that have a fixed degree and trace and have a fixed action on the Lie group. To compute these elements we give detailed constructions of the endomorphism rings $\operatorname{End}_{A/\mu^n}(E(\tau_1))$, and show that the endomorphisms of a fixed degree and trace are in a finite-to-1 correspondence with ideals in of a certain norm. We then classify how many of these endomorphisms have the desired action on the Lie group.

This high-level strategy is the same as that employed by Gross and Zagier in the case that $-d_1$ is prime, $d_2$ is fundamental, and $\gcd(d_1, d_2) = 1$, and, soon after, by Dorman in the case that $d_1$ is squarefree, $d_2$ is fundamental, and $\gcd(d_1, d_2) = 1$. However, the general case presents significantly more technical difficulties, which is perhaps not surprising, as it has been over 20 years since Gross-Zagier and Dorman published their papers.

First, the straightforward generalizations of the constructions of the endomorphism rings $\operatorname{End}_{A/\mu^n}(E(\tau_1))$ given in [GZ85, Dor89] to the case where $d_1 \equiv 0 \pmod 4$ and $\mu$ a prime of characteristic 2 completely fail, even if $d_1$ is fundamental. If $d_1$ is not fundamental, then many arguments in [GZ85, Dor89] fail since the localizations of $\mathcal{O}_{d_1}$ are not necessarily discrete valuation rings. In addition, the descriptions of the constructions given in [Dor89] in the case that $d_1$ is squarefree and $\ell$ is ramified were not complete and the proofs were completely omitted. We give a construction that works generally for all $d_1$, not necessarily fundamental, and all primes $\ell$ regardless of the splitting behavior of $\ell$; see §6 for more details.

The next difficulty arose in studying the elements of the endomorphism rings; this study takes place in §7. The elements of these endomorphism rings give rise to a study of ideals in $\mathcal{O}_{d_1}$, an order that is not necessarily maximal. This leads to difficulties in two ways. The first is that, in the Picard group of a non-maximal order, we can no longer assume that every 2-torsion element is represented by a ramified prime ideal. The second is that there are many more invertible ideals of order $p^n$ for $n$ sufficiently large when $p \mid f_1$ than in the usual case.

The last point of difficulty is in determining the action on the Lie group in the case that $d_1$ and $d_2$ share a common factor. If $d_1$ and $d_2$ are relatively prime, the action is almost trivial to compute. Indeed, this step in [GZ85] was dealt with by a one line argument. The general case is significantly more involved; see §8 for more details.

3.2. Detailed outline of proof. Assume that $d_1$ is fundamental at $\ell$. Let $W$ be the maximal order of $\mathbb{Q}_\ell^{\mathrm{unr}}$ if $\ell \nmid d_1$ and the maximal order of $\mathbb{Q}_\ell(\sqrt{d_1})^{\mathrm{unr}}$ otherwise; we write $\pi$ for the uniformizer of $W$. Let $E/W$ be an elliptic curve with CM by $\mathcal{O}_{d_1}$ and with good reduction.

As discussed above, we will relate the elements of $\operatorname{Isom}_{A/\mu^n}$ to certain endomorphisms. Consider the following subsets of $\operatorname{End}_{A/\mu^n}(E)$.

<7 (F/A\-= S ^ G End A/^(E) : 4> 2 -d 2 ^+\(d 2 -d 2 ) = 0, 1 
nl ' ; ' \ Z[0] ■=— >■ End A/M (£) optimal away from £ J ' 

S Lic (£M) ■= { ^ G S n( E / A ) : ? := + - = 5 in Lie(£ mod 

n \ = 5 in Lie(E mod fi n ), 

where 5 G A is a fixed root of Az 2 - Ad 2 z + - d 2 , and 5 := £ S2 S - \l S2 d 2 (\ - £ S2 ). (Note 
that with this definition 5 satisfies Az 2 — Ad 2 z + d 2 — d 2 .) In §4 we show that 



^ # Isom j4/At n( J E, £(r 2 )) 



2 



W 2 #S^{E/A) if/f/ : 

w 2 £ S2 -\£ + l)^S^ c (E/A) Mi\f 2 ,£\d 2 ,n< e 2 

w 2 £ S2 #S^ c (E/A) X£\f 2 ,l\d 2 ,n< e 2 

otherwise, 



(3.1) 



where e 2 = e 2 is the //-ramification degree of L over H 2 . 

In order to relate $v_\ell(F(m))$ to the cardinalities of $S_n^{\mathrm{Lie}}$, we must first partition these sets by $m$; recall that $v_\ell(F(m))$ counts isomorphisms that give rise to a suborder of $\operatorname{End}(E)$ of discriminant $m^2$. We define:

$$S_{n,m}(E/A) := \{\phi \in S_n(E/A) : \operatorname{disc}(\mathcal{O}_{d_1}[\phi]) = m^2\},$$
$$:= S_{n,m}(E/A) \cap S_n^{\mathrm{Lie}}(E/A).$$

From the definition of F(m) and (3.1), we see that 



2- 



^-eC <! S^^ + ^EnEx^^^^OM) if£|/ 2 ,£R, 

^ S2 E T1 Ei< n < e , #s^°{E{ n )/A) ut\f2,£\d 2 , 



(3.2) 

where $C = 1$ if $4m = d_1 d_2$ and $C = 2$ otherwise. It remains to compute $\sum_{\tau_1} \# S^{\mathrm{Lie}}_{n,m}(E(\tau_1)/A)$. We will first compute $\sum_{\tau_1} \# S_{n,m}(E(\tau_1)/W)$ (we define $S_n(E/W)$ and $S_{n,m}(E/W)$ by replacing $A$ with $W$ and with $\pi$ in the definitions of $S_n(E/A)$ and $S_{n,m}(E/A)$ above).

When $m \neq 0$ we do this by giving an explicit presentation for $\operatorname{End}_{W/\pi^n}(E)$ (§6), and then use this presentation to relate the elements of $S_{n,m}(E/W)$ to integral invertible ideals of norm $m\ell^{-r}$, where $r = 2n - 1$ if $\ell$ is inert in $\mathbb{Q}(\sqrt{d_1})$ and $r = n$ otherwise (§7). More precisely we prove

Theorem 3.1. Assume that $\ell \nmid f_1$ and that $m \neq 0$. Then $\sum_{\tau_1} \# S_{n,m}(E(\tau_1)/W)$ is equal to an explicitly computable weighted sum of the number of certain invertible ideals of norm $\ell^{-r} m$, where $r = 2n - 1$ if $\ell \nmid d_1$ and $r = n$ otherwise. If, in addition, $m$ and $f_1$ are relatively prime, then
^#5 n „ m (E(r 1 )/W) = ^pp(m)2l(r r m), 



where 



p(m) 



if (di, —m) p 

2#{p\( m 4i)-p\f2 or p=e} otherwise. 



-1 for p\d 1 ,p\ fi( 



and 



N(b) = iV, b invertible, 
pjb for allp|gcd(iV,/ 2 ),pf^i 
p 3 |b for all p|p|gcd(iV,/2,di),P^ 



We also prove (see §7) that $\rho(m)\mathfrak{A}(\ell^{-r} m)$ can be expressed as a product of local factors.

When $m = 0$, then $S_{n,m}(E/A)$ consists of elements in with trace $d_2$ and norm $\frac{1}{4}(d_2^2 - d_2)$. In addition, the order generated by these elements must be optimally embedded at $p \neq \ell$. Thus $\# S_{n,0}(E/A) = 0$, unless $d_2 = d_1 \ell^{2k}$, in which case $\# S_{n,0}(E/A) = 2$.

Finally, in §8, we show that 



if 



and if l\ f 2 , 



n=l 



f#S F 1 (£(T 1 )/W) if^R, 
e 2 #5 1 (E(r 1 )/W) if*|d 2 , 

|En#^(^(ri)/W) if 4 
E n #^(^(r!)/W) if*. 



?i or £ | d 2 , 



(3.3) 
(3.4) 



Now we may assemble (3.2), (3.3), and (3.4) to prove: 

|E n En>l#^(^(Ti)/W) 



e(n/e)v e (F(m)) 



ae \d 1 f 2 ,£\d 2 , 

if^t/2,2^£|gcd(di,d 3 ) 
either or £ \ d 2 , 



and 



f^i"- 1 ^ + 1) E T1 #5i, m (£;(ri)/W) if £|/ 3 , £ { 



^ 2 En #5l,m(£?(Ti)/W) 



if ^|/ 2 , *|d 2 . 



To complete the proof of the theorem, we must compute $e(\mu/\ell)$. If $\ell \nmid f_2$, then the only ramification comes from that of $\mathbb{Q}(\sqrt{d_1}, \sqrt{d_2})/\mathbb{Q}$. If $\ell \mid f_2$, then we compute the ramification


by computing the ramification separately in the subextensions L/H 2 , H 2 /H^ /Q. The 



ramification degree of H 2 /H^ is equal to # Pic(Orf 2 )/#Pic(0j 2 ). Thus, by [Cc 89, Cor 7. 



e(p/£) 



fl 

2 



if £ \ d\d 2 

iil\d 1 d 2 ,l\f 2 ,2\{di,d 2 ,£) 
^£ S2 ~ l (£ + l) if£\f 2 ,£\d 2 
X£\f2,£\d 2 



W2_ 
W2 



and so 



CW! 



ve(F(m)) 



|En#^-(^(^)/ W ) if 



If $m \neq 0$, $\ell \nmid f_1$ and either $\ell$ is odd or $\ell$ does not ramify in at least one of $\mathbb{Q}(\sqrt{d_1})$ or $\mathbb{Q}(\sqrt{d_2})$, then by Theorem 3.1, $v_\ell(F(m))$ is an explicitly computable weighted sum of invertible ideals of norm $\ell^{-r} m$. If, in addition, $f_1$ is relatively prime to $m$, then we apply Theorem 3.1 to establish:



vt(F(m)) 



JpHE r >i2t(m/F) if£\f 2 
p(m)^{m/£ 1+ < cond ^) ii£\f 2 



If $\ell \mid d_1$ or, equivalently, when $e = 2$, then $\rho(m)$ is always even. Since in all other cases $e = 1$, it is clear that $v_\ell(F(m))$ is an integer. If $m = 0$ and $d_2 = d_1 \ell^{2k}$, then we have $v_\ell(F(0)) = \frac{2}{w_1} \# \operatorname{Pic}(\mathcal{O}_{d_1})$. □



4. Relating $\operatorname{Isom}_{A/\mu^n}$ to $S_n^{\mathrm{Lie}}$

We retain the notation from the previous section. From now on, we assume that $\ell \nmid f_1$. In this section, we prove

Proposition 4.1. Let $E$ be any elliptic curve over $A$ with good reduction and such that $\operatorname{End}(E) \cong \mathcal{O}_{d_1}$. Let $d_2$ be a quadratic imaginary discriminant different from $d_1$. Then



^2 # Isom A/M n (E, E(t 2 )) 



(w 2 #S^ c (E) if£\f 2 

w 2 £ s *~\£ + l)#S^{E) if£\f 2 , £\d 2 ,n< e 2 (p/£) 

w 2 £ s ^SY c {E) if £\f 2 , £\d 2 ,n < e 2 (fi/£) 

otherwise, 



where $e_2(\mu/\ell)$ is the ramification degree of $L_\mu^{\mathrm{nr}}$ over the completion of ring class field of $\mathcal{O}_{d_2}$ at the restriction of $\mu$.

Proof. Let E' = E(r 2 ) for some t 2 . Assume that lsovaA/fj,n(E, E') ^ 0, and let g G 
lsomA/^n(E, E'). If 9 G End(-E') is the unique element such that 9 = 5 in Lie(E'), then 
9 9 := go9og~ 1 e End(-E mod p n ) has degree equal to h(d 2 — d 2 ), trace equal to d 2 , and 9 9 = 5 
in Lie(-E mod fi n ). In addition, the order Zf^ 9 ] is p-optimally embedded in End(-E mod p) 
for all p ^ I by Proposition 2.2. If p = £, then 9 := £~ S2 9 + \d 2 (l - £ S2 ) G End(£' mod /i) 

and 9, 9 9 are equal to 5 in Lie(£" mod p), Lie(E mod p) respectively. Therefore, we have a 
set map 

\Jlsom A/fin (E,E(r 2 )) — ► S^{E/A) (4.1) 

N 

Consider the case where £\f 2 . By [LT66] and by comparing ramification degrees of £ in 
L and in H 2 , we see that lsom.A/^(E, E{r 2 )) = for all r 2 and all n > e 2 (p/£). Suppose 
n < e 2 (p/£). Let #1,(72 G Isonu/^i?, E{t 2 )) for a fixed T2. If 6* 91 = 9 92 , then gig^ 1 is an 
automorphism of E{r 2 ) mod p n that commutes with Therefore g\g 2 l is a unit of O^, so 

the map (4.1) is w 2 -to-l. By [Gro86, Prop 5.3], if £\d 2 there are £ S2 different r 2 such that 
the pairs (E(t 2 ) mod p n , Z[#] c — > End(i?(r 2 ) mod /i n )) are all isomorphic, and £ S2 ~ l (£ + 1) 
different T2 if £ \ d 2 . The same result of Gross [Gro86, Prop 5.3] proves that (4.1) is surjective. 

If £ \ f 2 , Proposition 2.7 and the discussion at the top of page 201 in [GZ85] shows 
that (4.1) is u>2-to-l and surjective. □ 

5. Background: quadratic imaginary orders

Let $\mathcal{O}$ be an order in a quadratic imaginary field, and let $d$ be the discriminant of $\mathcal{O}$. Let $\mathfrak{a}$ be an ideal in $\mathcal{O}$. If $\mathcal{O}$ is not maximal, then we cannot necessarily write $\mathfrak{a}$ uniquely as a product of primes. However, we can always write $\mathfrak{a}$ uniquely as a product of primary ideals where no two ideals in the factorization are supported at the same prime. Precisely, for any prime $p$, define $\mathfrak{a}_p := \mathcal{O} \cap \mathfrak{a}\mathcal{O}_p$. Then $\mathfrak{a} = \bigcap_p \mathfrak{a}_p$, and since for any 2 distinct primes $p, q$, $\mathfrak{a}_p$ and $\mathfrak{a}_q$ are co-maximal, we have that

$$\mathfrak{a} = \prod_p \mathfrak{a}_p.$$

(See [Neu99, Prop 12.3] for more details.) If there is a unique prime $\mathfrak{p} \subset \mathcal{O}$ lying over $p$, then we will often write $\mathfrak{a}_{\mathfrak{p}}$ instead of $\mathfrak{a}_p$.

We will often be concerned with the special case where $\mathfrak{a} = \mathfrak{D} := \sqrt{d}\,\mathcal{O}$. If $p \mid d$ is odd, then for $a, b \in \mathcal{O}$, the difference $a - b \in \mathfrak{D}_p$ if and only if $\operatorname{Tr}(a) \equiv \operatorname{Tr}(b) \pmod{p^{v_p(d)}}$. If $p = 2 \mid d$, then $a - b \in \mathfrak{D}_2$ if and only if $a_0 \equiv b_0 \pmod{2^{v_2(d) - 1}}$ and $a_1 \equiv b_1 \pmod 2$, where
a = a + and 6 = 6 + 

5.1. The Picard group. The Picard group of $\mathcal{O}$, denoted $\operatorname{Pic}(\mathcal{O})$, is the group of invertible fractional ideals modulo fractional principal ideals. It is isomorphic to the form class group $C(d)$, the group of classes of primitive positive definite forms of discriminant $d$ [Cox89, §7]. We will use this isomorphism to determine whether there exists an ideal in $2\operatorname{Pic}(\mathcal{O})$ of a certain norm. For more information on genus theory, i.e. the study of $\operatorname{Pic}(\mathcal{O})/2\operatorname{Pic}(\mathcal{O})$, see [Cox89].

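Let $p_1, \ldots, p_j$ be the distinct odd primes dividing $d$. Define

$$k = \begin{cases} j & \text{if } d \equiv 1 \pmod 4 \text{ or } d \equiv 4 \pmod{16}, \\ j + 1 & \text{if } d \equiv 8, 12 \pmod{16} \text{ or } d \equiv 16 \pmod{32}, \\ j + 2 & \text{if } d \equiv 0 \pmod{32}. \end{cases}$$

For $i = 1, \ldots, j$, we define $\chi_{p_i}(a) := \left(\frac{a}{p_i}\right)$ for $a$ coprime to $p_i$. For $a$ odd, we also define $\chi_{-4}(a) := (-1)^{\frac{a-1}{2}}$, $\chi_8(a) := (-1)^{\frac{a^2-1}{8}}$. Then we define $\Psi: (\mathbb{Z}/d\mathbb{Z})^\times \to \{\pm 1\}^k$ as follows.

$$\Psi = \begin{cases} (\chi_{p_1}, \ldots, \chi_{p_j}) & \text{if } d \equiv 1 \pmod 4 \text{ or } d \equiv 4 \pmod{16}, \\ (\chi_{p_1}, \ldots, \chi_{p_j}, \chi_{-4}) & \text{if } d \equiv 12 \pmod{16} \text{ or } d \equiv 16 \pmod{32}, \\ (\chi_{p_1}, \ldots, \chi_{p_j}, \chi_8) & \text{if } d \equiv 8 \pmod{32}, \\ (\chi_{p_1}, \ldots, \chi_{p_j}, \chi_{-4}\chi_8) & \text{if } d \equiv 24 \pmod{32}, \\ (\chi_{p_1}, \ldots, \chi_{p_j}, \chi_{-4}, \chi_8) & \text{if } d \equiv 0 \pmod{32}. \end{cases}$$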



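For a prime $p$ that divides $d$, but does not divide the conductor $f$ of $\mathcal{O}$, we define

$$\Psi_p = \begin{cases} \chi_{p_i} & \text{if } p = p_i, \\ \chi_{-4} & \text{if } p = 2 \text{ and } d \equiv 12 \pmod{16}, \\ \chi_8 & \text{if } p = 2 \text{ and } d \equiv 8 \pmod{32}, \\ \chi_{-4}\chi_8 & \text{if } p = 2 \text{ and } d \equiv 24 \pmod{32}. \end{cases}$$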

Let be the projection of $\Psi$ on the components that are complementary to the one that
appears in 

We extend to integers divisible by p by defining ^ p (p) = ( J-) where d* = ^n— if p 

(-l)T-p 

odd, and d* = — |, |, or — |j if p = 2 depending whether d = 12 (mod 16), d = 8 (mod 32) or 
$d \equiv 16 \pmod{32}$, respectively. Equivalently, we can define $\Psi_p(n)$ to be the Hilbert symbol $(d, n)_p$, for any integer $n$. Thus we can extend $\Psi$ to $(\mathbb{Z}/f\mathbb{Z})^\times$, where $f$ denotes the conductor of $\mathcal{O}$.

This map $\Psi$ can be used to test when an ideal $\mathfrak{a}$ is a square in the Picard group.

Theorem 5.1 ([Cox89, §§3&7]). For any positive integer $m$ prime to the conductor $f$ of
$\mathcal{O}_d$, there exists an invertible ideal $\mathfrak{a}$ such that $N(\mathfrak{a}) = m$ and $[\mathfrak{a}] \in 2\operatorname{Pic}(\mathcal{O}_d)$ if and only if
$m \in \ker \Psi$.
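The following is an added example, not part of the original paper: it evaluates $\Psi$ from the definition above and, through the isomorphism $\operatorname{Pic}(\mathcal{O}) \cong C(d)$, checks on three small negative discriminants (chosen here for illustration) that the form classes on which $\Psi$ is trivial are exactly the squares, and that there are $2^{k-1}$ genera. All function names are this example's own; a class is squared by brute force through an equivalent form $(m, B, C)$ with $m$ coprime to $2d$.

```python
from math import gcd

def odd_prime_divisors(n):
    n, ps, p = abs(n), [], 3
    while n % 2 == 0:
        n //= 2
    while p * p <= n:
        if n % p == 0:
            ps.append(p)
            while n % p == 0:
                n //= p
        p += 2
    return ps + ([n] if n > 1 else [])

def psi(d, a):
    """Psi(a) as a tuple of +-1 values; a > 0 coprime to d (so a is odd when d is even)."""
    vals = [1 if pow(a, (p - 1) // 2, p) == 1 else -1 for p in odd_prime_divisors(d)]
    chi4 = lambda: (-1) ** ((a - 1) // 2)        # chi_{-4}
    chi8 = lambda: (-1) ** ((a * a - 1) // 8)    # chi_8
    if d % 4 == 1 or d % 16 == 4:                # Python's % is non-negative for d < 0
        pass
    elif d % 16 == 12 or d % 32 == 16:
        vals.append(chi4())
    elif d % 32 == 8:
        vals.append(chi8())
    elif d % 32 == 24:
        vals.append(chi4() * chi8())
    else:                                        # d = 0 (mod 32)
        vals += [chi4(), chi8()]
    return tuple(vals)

def reduce_form(a, b, c):
    """Reduced form equivalent to the positive definite form (a, b, c)."""
    while True:
        k = (a - b) // (2 * a)                   # translate so that -a < b <= a
        b, c = b + 2 * a * k, a * k * k + b * k + c
        if a > c:
            a, b, c = c, -b, a
            continue
        if a == c and b < 0:
            b = -b
        return (a, b, c)

def reduced_forms(d):
    """All reduced primitive forms of discriminant d < 0, i.e. the elements of C(d)."""
    forms, a = [], 1
    while 3 * a * a <= -d:
        for b in range(-a + 1, a + 1):
            c, rem = divmod(b * b - d, 4 * a)
            if rem == 0 and c >= a and not (a == c and b < 0) and gcd(gcd(a, b), c) == 1:
                forms.append((a, b, c))
        a += 1
    return forms

def coprime_value(form, d):
    """A properly represented value m of the form with gcd(m, 2d) = 1."""
    a, b, c = form
    r = 1
    while True:
        for x in range(0, r + 1):
            for y in range(-r, r + 1):
                m = a * x * x + b * x * y + c * y * y
                if gcd(x, y) == 1 and gcd(m, 2 * d) == 1:
                    return m
        r += 1

def square_class(form, d):
    """Reduced representative of the square of the class of `form`."""
    m = coprime_value(form, d)
    # (m, B, C) in the class of `form`; it corresponds to a primitive ideal of norm m
    B = next(B for B in range(2 * m)
             if (B * B - d) % (4 * m) == 0
             and reduce_form(m, B, (B * B - d) // (4 * m)) == form)
    # the square of that ideal has norm m^2: lift B to B2 = B (mod 2m), B2^2 = d (mod 4m^2)
    B2 = next(B + 2 * m * t for t in range(m)
              if ((B + 2 * m * t) ** 2 - d) % (4 * m * m) == 0)
    return reduce_form(m * m, B2, (B2 * B2 - d) // (4 * m * m))

def genus(form, d):
    return psi(d, coprime_value(form, d))

def check(d):
    """(classes with trivial Psi, squares of classes, number of genera, k)."""
    forms = reduced_forms(d)
    principal = {f for f in forms if all(v == 1 for v in genus(f, d))}
    squares = {square_class(f, d) for f in forms}
    genera = {genus(f, d) for f in forms}
    return principal, squares, len(genera), len(psi(d, 1))

if __name__ == "__main__":
    for d in (-56, -84, -96):                    # sample discriminants chosen for this example
        principal, squares, n_genera, k = check(d)
        print(d, sorted(principal), principal == squares, n_genera == 2 ** (k - 1))
```

The discriminant $-96$ has conductor 2 and falls in the case $d \equiv 0 \pmod{32}$, so it exercises both $\chi_{-4}$ and $\chi_8$.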

From this theorem, we can easily obtain the following corollary. 

Corollary 5.2. Let £ be a prime that divides d, but does not divide the conductor f . Let a 
be an invertible integral ideal that is prime to the conductor. Then [a] G 2 Pic(C) if and only 
i/N(a) G ker $ £ . 

Proof. Define ip: (Z//Z) x — > {±1} to be such that for any positive integer m that is coprime 
to /, ip(m) = 1 if and only if there is an ideal in O of norm m. Using quadratic reciprocity, 
one can check that 

P \d 

From this it is clear that N(a) G ker\l/^ if and only if N(o) G ker^, which completes the 
proof. □ 

Unfortunately, the map $\Psi$ cannot be extended to all integers while still retaining the
properties described in Theorem 5.1 and Corollary 5.2. This is because it is possible to have
two invertible ideals $\mathfrak{a}, \mathfrak{b} \subset \mathcal{O}_d$ with the same norm, such that $\mathfrak{a}\mathfrak{b}^{-1} \notin 2\operatorname{Pic}(\mathcal{O}_d)$. This can
only occur when the ideals are not prime to $f$.

Let a be an integral invertible ideal that is supported at a single prime p that divides 
the conductor, i.e. a q = (1) for all q { p. Let a G O be a generator for aO p such that 
gcd(N(a), /) is supported only at p. Then a ~ a in Pic(O), where 

a:=O p nf|(aO q ), 

and N(a) is coprime to the conductor. Thus, the genus of a is equal to \l/(N(o)). Since 
every ideal can be factored uniquely into comaximal primary ideals, this gives a method of 
computing the genus class of any ideal. 

6. Parametrizing endomorphism rings of supersingular elliptic curves 

Let $\ell$ be a fixed prime and let $\mathcal{O}$ be a quadratic imaginary order of discriminant $d$ such
that $\ell \nmid f := \operatorname{cond}(d)$. We assume that $\ell$ is not split in $\mathcal{O}$. Let $W$ be the ring of integers in
$\mathbb{Q}_\ell^{\mathrm{unr}}(\sqrt{d})$, and write $\pi$ for the uniformizer. By the theory of complex multiplication [Lan87,
§10.3], the isomorphism classes of elliptic curves that have CM by $\mathcal{O}$ are in bijection with
$\operatorname{Pic}(\mathcal{O})$, and every elliptic curve $E$ with CM by $\mathcal{O}$ has a model defined over $W$. Moreover,
by [ST68, Cor. 1], we may assume that $E$ has good reduction.

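Fix a presentation $\mathbb{B}_{\ell,\infty}$ of the quaternion algebra ramified at $\ell$ and $\infty$, and fix an embedding
$L := \operatorname{Frac}(\mathcal{O}) \hookrightarrow \mathbb{B}_{\ell,\infty}$. The goal of this section is to define, for every $[\mathfrak{a}] \in \operatorname{Pic}(\mathcal{O})$, a
maximal order $R(\mathfrak{a}) \subset \mathbb{B}_{\ell,\infty}$ such that

(1) $R(\mathfrak{a}) \cap L = \mathcal{O}$,

(2) $R(\mathfrak{a})$, together with the optimal embedding $\mathcal{O} \hookrightarrow R(\mathfrak{a})$ is isomorphic to the embedding
$\operatorname{End}(E(\mathfrak{a})) \hookrightarrow \operatorname{End}(E(\mathfrak{a}) \bmod \pi)$, where $E(\mathfrak{a})$ is the elliptic curve with CM by
$\mathcal{O}$ that corresponds to $\mathfrak{a}$, and

(3) $\mathfrak{b}^{-1}R(\mathfrak{a})\mathfrak{b} = R(\mathfrak{a}\mathfrak{b})$.

Since we will use these maximal orders in the next section to compute the sets $S_{n,m}(E(\mathfrak{a}))$,
we also want the orders $R(\mathfrak{a})$ to be fairly explicit.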

Our construction of these maximal orders $R(\mathfrak{a})$ generalizes the work of Gross-Zagier [GZ85]
and Dorman [Dor89], where they defined maximal orders with these properties under the
assumption that $-d$ is prime [GZ85] or $d$ is squarefree [Dor89]. We treat arbitrary discriminants
$d$, correct errors and omissions in some proofs in [Dor89], and treat the ramified case
in detail, giving complete definitions and proofs.

Note that Goren and the first author have given a different generalization of Dorman's
work [GL] to higher dimensions, which works for CM fields $K$, characterizing superspecial
orders in a quaternion algebra over the totally real field $K^+$ with an optimal embedding of
$\mathcal{O}_{K^+}$. That work also corrects the proofs of [Dor89], but in a slightly different way than we
do here, and does not handle the ramified case or non-maximal orders.

6.0.1. Outline. In §6.1, we give an explicit presentation of $\mathbb{B}_{\ell,\infty}$ that we will work with
throughout. The construction of the maximal orders $R(\mathfrak{a})$ depends on whether $\ell$ is inert
or ramified in $\mathcal{O}$. The inert case is discussed in detail in §6.2, and the construction in the
ramified case is given in §6.3. In these sections we also prove that our construction satisfies
conditions (1) and (3). While the construction of $R(\mathfrak{a})$ is different in the ramified case, many
of the proofs go through as in the inert case with minor modifications. Because of this,
in §6.3, we only explain the modifications and omit the rest of the proofs. In §6.4, we show
that these constructions also satisfy property (2).

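6.1. Representations of quaternion algebra. Given a fixed embedding $\iota\colon L \hookrightarrow \mathbb{B}_{\ell,\infty}$,
the quaternion algebra $\mathbb{B}_{\ell,\infty}$ can be written uniquely as $\iota(L) \oplus \iota(L)j$, where $j \in \mathbb{B}_{\ell,\infty}$ is such
that $j\iota(\alpha)j^{-1} = \iota(\bar{\alpha})$, for all $\alpha \in L$. Thus $j^2$ defines a unique element in $\mathbb{Q}^\times/N(L^\times)$. From
now on, we will represent $\mathbb{B}_{\ell,\infty}$ as a sub-algebra of $M_2(L)$ as follows.

$$\mathbb{B}_{\ell,\infty} = \left\{ [\alpha, \beta] := \begin{pmatrix} \alpha & \beta \\ j^2\bar{\beta} & \bar{\alpha} \end{pmatrix} : \alpha, \beta \in L \right\}. \tag{6.1}$$

Under this representation, $\iota\colon L \hookrightarrow \mathbb{B}_{\ell,\infty}$, $\iota(\alpha) = [\alpha, 0]$.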

If I is unramified in O then we may assume that j 2 = —£q, where q is a prime such that 
— £q G ker \1/ and q \ d. If £ is ramified, then we may assume that j 2 = —q where — q G ker 
—q $l ker^ and q \ d. (Recall that and were defined in §5.) In both cases, these 

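conditions imply that q is split in O.

6.2. The inert case. Let $\mathfrak{a} \subset \mathcal{O}$ be an integral invertible ideal such that $\gcd(f, N(\mathfrak{a})) = 1$.
Let $\mathfrak{q}$ be a prime ideal of $\mathcal{O}$ lying over $q$. For any $\lambda \in \mathcal{O}$ such that

(1) $\lambda\mathfrak{q}^{-1}\bar{\mathfrak{a}}\mathfrak{a}^{-1} \subset \mathcal{O}$, and

(2) $N(\lambda) \equiv -\ell q \pmod d$,

we define

$$R(\mathfrak{a}, \lambda) := \left\{ [\alpha, \beta] : \alpha \in \mathfrak{D}^{-1},\ \beta \in \mathfrak{q}^{-1}\mathfrak{D}^{-1}\bar{\mathfrak{a}}\mathfrak{a}^{-1},\ \alpha - \lambda\beta \in \mathcal{O} \right\}.$$

From this definition, it is clear that if $\lambda'$ satisfies (1) and (2) and $\lambda \equiv \lambda' \pmod{\mathfrak{D}}$, then
$R(\mathfrak{a}, \lambda) = R(\mathfrak{a}, \lambda')$. We claim that, for any $\mathfrak{a}$ and $\lambda$, $R(\mathfrak{a}, \lambda)$ is a maximal order.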

Remark 6.1. Although Dorman [Dor89] does not include condition (1) in his definition, it is,
in fact, necessary. Without this assumption $R(\mathfrak{a}, \lambda)$ is not closed under multiplication, even
if $d$ is squarefree. This was already remarked on in [GL].

Remark 6.2. Write A = A + If d is odd, then the congruence class of A mod D is 

determined by A mod d. In addition, the condition that N(A) = — £q (mod d) is equivalent 
to the condition that Aq = — £q (mod d). Therefore, if d is odd, then we may think of A as 
an integer, instead of as an element of O. This was the point of view taken in [GZ85,Dor89]. 

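Lemma 6.3. $R(\mathfrak{a}, \lambda)$ is an order.

Proof. We will show that $R(\mathfrak{a}, \lambda)$ is closed under multiplication. All other properties are
easily checked. Consider

$$\left[\frac{a_1}{\sqrt{d}}, \frac{b_1}{\sqrt{d}}\right], \left[\frac{a_2}{\sqrt{d}}, \frac{b_2}{\sqrt{d}}\right] \in R(\mathfrak{a}, \lambda).$$

Their product is in $R(\mathfrak{a}, \lambda)$ if and only if

(1) $a_1a_2 + \ell q b_1\bar{b}_2 \in \mathfrak{D}$

(2) $a_1b_2 - \bar{a}_2b_1 \in \mathfrak{D}\mathfrak{q}^{-1}\bar{\mathfrak{a}}\mathfrak{a}^{-1}$

(3) $a_1a_2 + \ell q b_1\bar{b}_2 - \lambda a_1b_2 + \lambda\bar{a}_2b_1 \in d\mathcal{O}$

Claim 1: Note that $a_1a_2 + \ell q b_1\bar{b}_2$ can be rewritten as

$$(a_1 - \lambda b_1)a_2 + \lambda b_1(a_2 - \lambda b_2) + \lambda b_1(\lambda b_2 - \bar{\lambda}\bar{b}_2) + (N(\lambda) + \ell q)b_1\bar{b}_2. \tag{6.2}$$

Using the definition of $R(\mathfrak{a}, \lambda)$ and the fact that for any $c \in \mathcal{O}$, $(c - \bar{c}) \in \mathfrak{D}$, one can easily
check that (6.2) is in $\mathfrak{D}$.

Claim 2: We rewrite $a_1b_2 - \bar{a}_2b_1$ as $(a_1 - \lambda b_1)b_2 - (\bar{a}_2 - \bar{\lambda}\bar{b}_2)b_1 + b_1(\lambda b_2 - \bar{\lambda}\bar{b}_2)$. From this
description, one can easily check that $a_1b_2 - \bar{a}_2b_1 \in \mathfrak{D}\mathfrak{q}^{-1}\bar{\mathfrak{a}}\mathfrak{a}^{-1}$.

Claim 3: Let $a_i' \in \mathcal{O}$ be such that $a_i = \lambda b_i + \sqrt{d}\,a_i'$. Then we can rewrite $a_1a_2 + \ell q b_1\bar{b}_2 - \lambda a_1b_2 + \lambda\bar{a}_2b_1$ as

$$\lambda^2b_1b_2 + \sqrt{d}\lambda(b_1a_2' + a_1'b_2) + d a_1'a_2' + \ell q b_1\bar{b}_2 - \lambda^2b_1b_2 - \lambda\sqrt{d}\,a_1'b_2 + N(\lambda)\bar{b}_2b_1 - \lambda\sqrt{d}\,b_1\bar{a}_2' \tag{6.3}$$

$$= d a_1'a_2' + (N(\lambda) + \ell q)b_1\bar{b}_2 + \lambda\sqrt{d}\,b_1(a_2' - \bar{a}_2') \tag{6.4}$$

Similar arguments as above show that (6.4) is in $d\mathcal{O}$. □

Lemma 6.4. The discriminant of $R(\mathfrak{a}, \lambda)$ is $\ell^2$, and so $R(\mathfrak{a}, \lambda)$ is a maximal order.
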

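Proof. To prove this lemma, we will use an auxiliary (non-maximal) order

$$R(\mathfrak{a}) := \left\{ [\alpha, \beta] : \alpha \in \mathcal{O},\ \beta \in \bar{\mathfrak{a}}\mathfrak{a}^{-1} \right\}.$$

One can easily check that this is an order. Let $\omega_1, \omega_2$ be a $\mathbb{Z}$-basis for $\bar{\mathfrak{a}}\mathfrak{a}^{-1}$. Then

$$[1, 0],\quad [(d + \sqrt{d})/2, 0],\quad [0, \omega_1],\quad [0, \omega_2]$$

is a $\mathbb{Z}$-basis for $R(\mathfrak{a})$. Using these basis elements, one can show that $\operatorname{disc}(R(\mathfrak{a})) = (\ell q d)^2$.
We claim that $R(\mathfrak{a})$ is related to $R(\mathfrak{a}, \lambda)$ by the following exact sequence,

$$0 \to R(\mathfrak{a}) \to R(\mathfrak{a}, \lambda) \to \mathfrak{q}^{-1}\mathfrak{D}^{-1}\bar{\mathfrak{a}}\mathfrak{a}^{-1}/\bar{\mathfrak{a}}\mathfrak{a}^{-1} \to 0.$$

This exact sequence implies that $[R(\mathfrak{a}, \lambda) : R(\mathfrak{a})] = qd$, and thus the lemma follows.

Proof of claim: Exactness on the left is straightforward. Exactness on the right holds since
for any $\beta \in \mathfrak{q}^{-1}\mathfrak{D}^{-1}\bar{\mathfrak{a}}\mathfrak{a}^{-1}$, $[\lambda\beta, \beta] \in R(\mathfrak{a}, \lambda)$. The order $R(\mathfrak{a})$ is clearly in $\ker([\alpha, \beta] \mapsto \beta)$, and
the reverse containment follows since $\beta \in \bar{\mathfrak{a}}\mathfrak{a}^{-1}$ implies that $\lambda\beta$, and hence $\alpha$, is in $\mathcal{O}$. □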

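Given an ideal $\mathfrak{a}$, we will now construct a $\lambda = \lambda_{\mathfrak{a}}$ satisfying conditions (1) and (2). Since
we want our orders $R(\mathfrak{a}) := R(\mathfrak{a}, \lambda_{\mathfrak{a}})$ to satisfy

$$R(\mathfrak{a})\mathfrak{b} = \mathfrak{b}R(\mathfrak{a}\mathfrak{b})$$

the relationship between $\lambda_{\mathfrak{a}}$ and $\lambda_{\mathfrak{a}\mathfrak{b}}$ will be quite important. In fact, the relation

$$R(\mathcal{O})\mathfrak{a} = \mathfrak{a}R(\mathfrak{a})$$

shows that $R(\mathfrak{a})$ is determined from $R(\mathcal{O})$ and so $\lambda_{\mathfrak{a}} \bmod \mathfrak{D}$ is determined by $\lambda_{\mathcal{O}} \bmod \mathfrak{D}$.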

6.2.1. Defining \ a . For all regular ramified primes p, fix two elements \( p \ A^ G (9 with 
norm congruent to — £q mod p v{ - > such that A( p ) ^ A( p ) (mod S)p). For all irregular ramified 
primes p, fix A (p) G C such that N(A (p) ) = -Iq (mod p v(d) ). 

For any prime ideal p of O that is prime to D, let M(p) denote a fixed integer that is 
divisible by N(p) and congruent to 1 (mod d). For any product of regular ramified primes 
bd := Hp regular p 6p , we write Xb d for any element in O such that 



Xb^ mod D r 




if e p = (mod 2) 
if e p = 1 (mod 2) 



for all regular primes p and A b = A^ ( mod Dp) for all irregular primes. These conditions 
imply that A[, d is well-defined modulo D. 

Let a be an invertible integral ideal O such that gcd(N(o), f) = 1. Then we may factor o 
as a' ad, where a' is prime to the discriminant and ad is supported only on regular ramified 

primes. We define A := (n p | a ' M(p) Vp ^ a '^ M(q)A Qd . Note that it follows from this definition 

that A a is well-defined modulo D and, importantly, that A a satisfies A a q _1 aa _1 C O and 
N(A„) = -iq mod d. 

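Lemma 6.5. Let $\mathfrak{a}, \mathfrak{b}$ be two invertible ideals in $\mathcal{O}$ that are prime to the conductor. Assume
that $\mathfrak{a}$ and $\mathfrak{a}\mathfrak{b}$ are both integral. Then

$$R(\mathfrak{a}, \lambda_{\mathfrak{a}})\mathfrak{b} = \mathfrak{b}R(\mathfrak{a}\mathfrak{b}, \lambda_{\mathfrak{a}\mathfrak{b}}).$$

Proof. We will show that $R(\mathfrak{a}, \lambda_{\mathfrak{a}})\mathfrak{b} \subset \mathfrak{b}R(\mathfrak{a}\mathfrak{b}, \lambda_{\mathfrak{a}\mathfrak{b}})$. The reverse containment then follows
by letting $\mathfrak{a} = \mathfrak{a}\mathfrak{b}$ and $\mathfrak{b} = \mathfrak{b}^{-1}$. Note that if $\mathfrak{b} = \mathfrak{b}_1\mathfrak{b}_2^{-1}$ with $\mathfrak{b}_i$ integral, we may rewrite $\mathfrak{b}$
as $\mathfrak{b}_1\bar{\mathfrak{b}}_2N(\mathfrak{b}_2)^{-1}$. Since $N(\mathfrak{b}_2)^{-1}$ is in the center of $\mathbb{B}_{\ell,\infty}$ and $R(\mathfrak{a}, \lambda_{\mathfrak{a}}) = R(N\mathfrak{a}, \lambda_{N\mathfrak{a}})$ for any
integer $N$, we may reduce to the case where $\mathfrak{b}$ is integral. We will also assume that $\mathfrak{b} = \mathfrak{p}$ is
prime; the general result follows from multiplicativity.
We can write

$$\mathfrak{p}R(\mathfrak{a}\mathfrak{p}, \lambda_{\mathfrak{a}\mathfrak{p}}) = \left\{ [\alpha, \beta] : \alpha \in \mathfrak{p}\mathfrak{D}^{-1},\ \beta \in \mathfrak{q}^{-1}\mathfrak{D}^{-1}\bar{\mathfrak{a}}\bar{\mathfrak{p}}\mathfrak{a}^{-1},\ \alpha - \lambda_{\mathfrak{a}\mathfrak{p}}\beta \in \mathfrak{p} \right\}$$

Take $[\alpha, \beta] \in R(\mathfrak{a}, \lambda_{\mathfrak{a}})$ and $\gamma \in \mathfrak{p}$; the product equals $[\gamma\alpha, \bar{\gamma}\beta]$. One can easily see that
$\gamma\alpha \in \mathfrak{p}\mathfrak{D}^{-1}$ and that $\bar{\gamma}\beta \in \mathfrak{q}^{-1}\mathfrak{D}^{-1}\bar{\mathfrak{a}}\bar{\mathfrak{p}}\mathfrak{a}^{-1}$. It remains to show that $\gamma\alpha - \lambda_{\mathfrak{a}\mathfrak{p}}\bar{\gamma}\beta \in \mathfrak{p}$.

Consider the case where $\mathfrak{p}$ is unramified. Since $\lambda_{\mathfrak{a}\mathfrak{p}} = M(\mathfrak{p})\lambda_{\mathfrak{a}}$, we may rewrite $\gamma\alpha - \lambda_{\mathfrak{a}\mathfrak{p}}\bar{\gamma}\beta$
as

$$(\gamma - \bar{\gamma}M(\mathfrak{p}))\alpha + \bar{\gamma}M(\mathfrak{p})(\alpha - \lambda_{\mathfrak{a}}\beta)$$

Since $\mathfrak{p} \mid M(\mathfrak{p})$ and $M(\mathfrak{p}) \equiv 1 \pmod d$, one can easily check that $(\gamma - \bar{\gamma}M(\mathfrak{p}))\alpha$ and $\bar{\gamma}M(\mathfrak{p})(\alpha - \lambda_{\mathfrak{a}}\beta)$ are in $\mathfrak{p}$.

Now consider the case where $\mathfrak{p}$ is ramified. Then $\lambda_{\mathfrak{a}} - \lambda_{\mathfrak{a}\mathfrak{p}} \in \mathfrak{D}_{\mathfrak{p}'}$ for all ramified $\mathfrak{p}' \neq \mathfrak{p}$, so
it is clear that $v_{\mathfrak{p}'}(\gamma\alpha - \lambda_{\mathfrak{a}\mathfrak{p}}\bar{\gamma}\beta) \geq 0$ for all $\mathfrak{p}' \neq \mathfrak{p}$. It remains to show that $v_{\mathfrak{p}}(\gamma\alpha - \bar{\gamma}\lambda_{\mathfrak{a}\mathfrak{p}}\beta) \geq 1$.
First consider the case when $\mathfrak{p} \mid 2$. Rewrite $\gamma\alpha - \lambda_{\mathfrak{a}\mathfrak{p}}\bar{\gamma}\beta$ as

$$\gamma(\alpha - \lambda_{\mathfrak{a}}\beta) + \gamma(\lambda_{\mathfrak{a}} - \lambda_{\mathfrak{a}\mathfrak{p}})\beta + \lambda_{\mathfrak{a}\mathfrak{p}}\beta(\gamma - \bar{\gamma}). \tag{6.5}$$

From the definition of $\lambda_{\mathfrak{a}}$, we see that $v_{\mathfrak{p}}(\lambda_{\mathfrak{a}} - \lambda_{\mathfrak{a}\mathfrak{p}}) = v_{\mathfrak{p}}(\mathfrak{D}) - 1$. Thus $\gamma(\lambda_{\mathfrak{a}} - \lambda_{\mathfrak{a}\mathfrak{p}})\beta$ is a
$\mathfrak{p}$-adic unit if $v_{\mathfrak{p}}(\beta) = -v_{\mathfrak{p}}(\mathfrak{D})$ and $v_{\mathfrak{p}}(\gamma) = 1$, and in $\mathfrak{p}$ otherwise. Moreover, the same
characterization holds for $\lambda_{\mathfrak{a}\mathfrak{p}}\beta(\gamma - \bar{\gamma})$. Since $\#\mathcal{O}/\mathfrak{p} = 2$, a sum of two $\mathfrak{p}$-adic units is in $\mathfrak{p}$.
Hence, we conclude that $v_{\mathfrak{p}}(\gamma\alpha - \bar{\gamma}\lambda_{\mathfrak{a}\mathfrak{p}}\beta) \geq 1$.

If $\mathfrak{p}$ is odd, then $v_{\mathfrak{p}}(\beta) \geq -1$. Combining the last two terms in equation (6.5), we see that
we need to prove that $v_{\mathfrak{p}}((\gamma\lambda_{\mathfrak{a}} - \bar{\gamma}\lambda_{\mathfrak{a}\mathfrak{p}})\beta) \geq 1$, so it suffices to prove that $v_{\mathfrak{p}}(\gamma\lambda_{\mathfrak{a}} - \bar{\gamma}\lambda_{\mathfrak{a}\mathfrak{p}}) \geq 2$.
From the definition of $\lambda_{\mathfrak{a}}$, we see that $\lambda_{\mathfrak{a}} + \lambda_{\mathfrak{a}\mathfrak{p}} \in \mathfrak{p}$, and since $\gamma \in \mathfrak{p}$, $\gamma + \bar{\gamma} \in \mathfrak{p}^2$. Thus
$\gamma(\lambda_{\mathfrak{a}} + \lambda_{\mathfrak{a}\mathfrak{p}}) - (\gamma + \bar{\gamma})\lambda_{\mathfrak{a}\mathfrak{p}} = \gamma\lambda_{\mathfrak{a}} - \bar{\gamma}\lambda_{\mathfrak{a}\mathfrak{p}}$ is in $\mathfrak{p}^2$. □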

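6.3. The ramified case. Let $\mathfrak{a} \subset \mathcal{O}$ be an integral invertible ideal such that $\gcd(f, N(\mathfrak{a})) = 1$.
Let $\mathfrak{q}$ be a prime ideal of $\mathcal{O}$ lying over $q$. For any $\lambda \in \mathcal{O}$ such that

(1) $\lambda\mathfrak{q}^{-1}\bar{\mathfrak{a}}\mathfrak{a}^{-1} \subset \mathcal{O}$, and

(2) $N(\lambda) \equiv -q \pmod{d/\ell}$,

we define

$$R(\mathfrak{a}, \lambda) := \left\{ [\alpha, \beta] : \alpha \in \mathfrak{l}\mathfrak{D}^{-1},\ \beta \in \mathfrak{q}^{-1}\mathfrak{l}\mathfrak{D}^{-1}\bar{\mathfrak{a}}\mathfrak{a}^{-1},\ \alpha - \lambda\beta \in \mathcal{O} \right\}.$$

From this definition, it is clear that if $\lambda'$ satisfies (1) and (2) and $\lambda \equiv \lambda' \pmod{\mathfrak{D}\mathfrak{l}^{-1}}$, then
$R(\mathfrak{a}, \lambda) = R(\mathfrak{a}, \lambda')$. We claim that, for any $\mathfrak{a}$ and $\lambda$, $R(\mathfrak{a}, \lambda)$ is a maximal order.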

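Lemma 6.6. $R(\mathfrak{a}, \lambda)$ is an order.

Proof. We will show that $R(\mathfrak{a}, \lambda)$ is closed under multiplication. All other properties are
easily checked. Consider

$$\left[\frac{a_1}{\sqrt{d}}, \frac{b_1}{\sqrt{d}}\right], \left[\frac{a_2}{\sqrt{d}}, \frac{b_2}{\sqrt{d}}\right] \in R(\mathfrak{a}, \lambda).$$

Their product is in $R(\mathfrak{a}, \lambda)$ if and only if

(1) $a_1a_2 + q b_1\bar{b}_2 \in \mathfrak{l}\mathfrak{D}$

(2) $a_1b_2 - \bar{a}_2b_1 \in \mathfrak{l}\mathfrak{D}\mathfrak{q}^{-1}\bar{\mathfrak{a}}\mathfrak{a}^{-1}$

(3) $a_1a_2 + q b_1\bar{b}_2 - \lambda a_1b_2 + \lambda\bar{a}_2b_1 \in d\mathcal{O}$

The proof of these claims goes through exactly as in the inert case, after replacing every $q$
in the inert case with $q/\ell$, and after noting that $a_1, a_2 \in \mathfrak{l}$ and $b_1, b_2 \in \mathfrak{l}\mathfrak{q}^{-1}\bar{\mathfrak{a}}\mathfrak{a}^{-1}$. □

Lemma 6.7. The discriminant of $R(\mathfrak{a}, \lambda)$ is $\ell^2$, and so $R(\mathfrak{a}, \lambda)$ is a maximal order.

Proof. This proof is exactly the same as in the inert case after replacing $q$ with $q/\ell$. □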

6.3.1. Defining X a . For all regular ramified primes p, fix two elements A^,A^ G O with 

norm congruent to — q mod p v ( d ' e > such that \W ^ A^ ( mod D p ). If p = I and I 7^ 2, then 

in addition we assume that A^o = — A^i.For all irregular ramified primes p, fix A^ G O such 

that N(A (p) ) = -q (mod p v W*>). 

For any prime ideal p of O that is coprime to D, let M(p) denote a fixed integer that is 

divisible by N(p) and congruent to 1 (mod d). For any product of regular ramified primes 

bd := np regular p ep , we write X bd for any element in O such that 
Pis 



A& , mod D 




if e p = (mod 2) 
if e p = 1 (mod 2) 



for all regular primes p and A b = A^ ( mod Dp) for all irregular primes. These conditions 
imply that At, d is well-defined modulo D. 

Let a be an invertible integral ideal O such that (N(a), /) = 1. Then we may factor a as 
a' ad, where a' is coprime to the discriminant and is supported only on regular ramified 

primes. We define A a := (n p | a ' M(p) v ^ a '^ M(q)A a<r Note that X a is well-defined modulo D 

and that A a satisfies A a q _1 aa _1 C O and N(A a ) = — q mod d/£. 

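Remark 6.8. Since $\lambda_{\mathfrak{a}} \equiv \lambda_{\mathfrak{a}\mathfrak{l}} \pmod{\mathfrak{D}\mathfrak{l}^{-1}}$ for any integral invertible ideal $\mathfrak{a}$, the corresponding
orders $R(\mathfrak{a})$, $R(\mathfrak{a}\mathfrak{l})$ are equal. This is not surprising, since $E(\mathfrak{a}) \cong E(\mathfrak{a}\mathfrak{l})$ modulo $\pi$.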

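Lemma 6.9. Let $\mathfrak{a}, \mathfrak{b}$ be two invertible ideals in $\mathcal{O}$ that are coprime to the conductor. We
assume that $\mathfrak{a}$ and $\mathfrak{a}\mathfrak{b}$ are integral. Then

$$R(\mathfrak{a}, \lambda_{\mathfrak{a}})\mathfrak{b} = \mathfrak{b}R(\mathfrak{a}\mathfrak{b}, \lambda_{\mathfrak{a}\mathfrak{b}}).$$

Proof. As in the proof of Lemma 6.5, it suffices to prove that $R(\mathfrak{a}, \lambda_{\mathfrak{a}})\mathfrak{b} \subset \mathfrak{b}R(\mathfrak{a}\mathfrak{b}, \lambda_{\mathfrak{a}\mathfrak{b}})$ and
we can reduce to the case where $\mathfrak{b}$ is prime.
We can write

$$\mathfrak{p}R(\mathfrak{a}\mathfrak{p}, \lambda_{\mathfrak{a}\mathfrak{p}}) = \left\{ [\alpha, \beta] : \alpha \in \mathfrak{p}\mathfrak{l}\mathfrak{D}^{-1},\ \beta \in \mathfrak{q}^{-1}\mathfrak{l}\mathfrak{D}^{-1}\bar{\mathfrak{a}}\bar{\mathfrak{p}}\mathfrak{a}^{-1},\ \alpha - \lambda_{\mathfrak{a}\mathfrak{p}}\beta \in \mathfrak{p} \right\}.$$

Take $[\alpha, \beta] \in R(\mathfrak{a}, \lambda_{\mathfrak{a}})$ and $\gamma \in \mathfrak{p}$: the product equals $[\gamma\alpha, \bar{\gamma}\beta]$. One can easily see that
$\gamma\alpha \in \mathfrak{p}\mathfrak{l}\mathfrak{D}^{-1}$ and that $\bar{\gamma}\beta \in \mathfrak{q}^{-1}\mathfrak{l}\mathfrak{D}^{-1}\bar{\mathfrak{a}}\bar{\mathfrak{p}}\mathfrak{a}^{-1}$. It remains to show that $\gamma\alpha - \lambda_{\mathfrak{a}\mathfrak{p}}\bar{\gamma}\beta \in \mathfrak{p}$.

We will focus on the case where $\mathfrak{b} = \mathfrak{l}$; if $\mathfrak{b} \neq \mathfrak{l}$, then the proof is exactly as in Lemma 6.5.
We can rewrite $\gamma\alpha - \lambda_{\mathfrak{a}\mathfrak{p}}\bar{\gamma}\beta$ as

$$\gamma(\alpha - \lambda_{\mathfrak{a}}\beta) + \gamma\beta(\lambda_{\mathfrak{a}} - \lambda_{\mathfrak{a}\mathfrak{p}}) + \lambda_{\mathfrak{a}\mathfrak{p}}\beta(\gamma - \bar{\gamma}).$$

It is straightforward to see that the first and third terms are in $\mathfrak{l}$. The second term is in $\mathfrak{l}$
since $v_{\mathfrak{l}}(\lambda_{\mathfrak{a}} - \lambda_{\mathfrak{a}\mathfrak{p}}) = v_{\mathfrak{l}}(\mathfrak{D}) - 1$. This completes the proof. □

6.4. Elliptic curves with complex multiplication.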



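Lemma 6.10. Let $R$ be a maximal order of $\mathbb{B}_{\ell,\infty}$ such that $R \cap L = \mathcal{O}$, where the intersection
takes place using the embedding of $\mathbb{B}_{\ell,\infty} \subset M_2(L)$ given in (6.1). Then there is an integral
invertible ideal $\mathfrak{a} \subset \mathcal{O}$ coprime to the conductor such that $R$ is conjugate to $R(\mathfrak{a}, \lambda_{\mathfrak{a}})$ by an
element of $L^\times$.

Proof. Since $R$ is a maximal order in $\mathbb{B}_{\ell,\infty}$, $\mathcal{O}$ must be maximal at $\ell$ [Vig80, Chap. 2, Lemma
1.5]. Therefore we can define $R(\mathcal{O}, \lambda_{\mathcal{O}})$ as in §6.2 or §6.3 depending on whether $\ell$ is inert
or ramified in $\mathcal{O}$. Since $R(\mathcal{O})$ and $R$ both have $\mathcal{O}$ optimally embedded, by [Eic57, Thm. 4,
p. 118], there exists an invertible ideal $\mathfrak{a}'$ such that $R = \mathfrak{a}'^{-1}R(\mathcal{O})\mathfrak{a}'$. We may write $\mathfrak{a}'$ as $\theta\mathfrak{a}$,
where $\theta \in L^\times$ and $\mathfrak{a}$ is integral and coprime to the conductor. Thus, Lemmas 6.5 and 6.9
show that $R = \theta^{-1}R(\mathfrak{a}, \lambda_{\mathfrak{a}})\theta$. □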

Fix an element $[\tau^{(0)}]$ of discriminant $d$, and let $E = E(\tau^{(0)})$ be an elliptic curve over $W$
with $j(E) = j(\tau^{(0)})$ and good reduction at $\pi$. Then we have an optimal embedding of
$\mathcal{O} \cong \operatorname{End}(E)$ into $\operatorname{End}_{W/\pi}(E)$, a maximal order in $\mathbb{B}_{\ell,\infty}$. Thus, by Lemma 6.10, there is an
element $[\mathfrak{a}_0] \in \operatorname{Pic}(\mathcal{O})$ such that the pair

(End(£ mod 1),l:0 = End(E) ^ End(£ mod [)) 

is conjugate to $R(\mathfrak{a}_0)$ with the diagonal embedding $\mathcal{O} \hookrightarrow R(\mathfrak{a}_0)$. Now let $\sigma \in \operatorname{Gal}(H/L)$ and
consider the pair

(End(£" T mod 1),l:<D^ End(£ a mod 0) . 

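By class field theory, $\operatorname{Gal}(H/L) \cong \operatorname{Pic}(\mathcal{O})$; let $\mathfrak{a} = \mathfrak{a}_\sigma$ be an invertible ideal that corresponds
to $\sigma$; note that $\mathfrak{a}$ is unique as an element of $\operatorname{Pic}(\mathcal{O})$. We assume that $\mathfrak{a}$ is integral and coprime
to the conductor. Since $\operatorname{Hom}(E^\sigma, E)$ is isomorphic to $\mathfrak{a}$ as a left $\operatorname{End}(E)$-module, we have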
End(£ ff mod {) = aEnd(£)cT 1 [CF67, Chap. XIII]. Thus, by Lemmas 6.5 and 6.9, the pair 
corresponding to $E^\sigma$ is conjugate to $R(\mathfrak{a}_0\mathfrak{a})$.
We define 

R n (a) := { [a, 0\ : a G ST 1 , f3 G q^^ST^cr 1 , a - X a f3 G O) , \ii\d 
R n (a) :={[a,0\ : a G IT 1 ,/? G q^^D^aa" 1 , a - A a /3 G 0} , if i\d 



One can easily check that Ri(a) = R(a), that f] n R n W) = C an d that 



^ (a) = ^ + t^ 1 (a), if- (6 - 6) 



Then by [Gro86, Prop. 3.3], Endwy^-E") = R n (a a) . 



7. Proof of Theorem 3.1 

Throughout $S_{n,m}(E)$ will denote $S_{n,m}(E/W)$. In this section, we prove Theorem 3.1, which
we restate here for the reader's convenience.

Theorem. Assume that £ \ fi and that m/0. Then ^ #S njm (E(ri) /W) is equal to an
explicitly computable weighted sum of the number of certain invertible ideals of norm £~ r m, 
where r = 2n — 1 if I \ d\ and r = n otherwise. If, in addition, m and f\ are relatively prime, 
then 

J2#S ntm (E(r 1 )/W) = ^ip(m)2t(r r m), 

n 

where C = 1 if 4m = d\d 2 and C = 2 otherwise, 
p(m) - 



if (di, — m) p = — 1 for p\d\,p \ fi£, 

2#{p\( m 4i)-p\f2 or P =i} otherwise. 



and 



N(b) = N, b invertible, 
%(N)=#{ bCO dl : p\biorallp\gcd(N,f 2 ),p\£d 1 

p 3 fb for &Hp\p\gcd{N,f 2 ,di),p^i 

We note that in the general case, i.e. if $m$ is not coprime to $f_1$, $\sum_{\tau_1} \#S_{n,m}(E(\tau_1))$ is still
computable; in fact, the proof provides an algorithm.

Proof. If $\ell$ is split in $\mathcal{O}_{d_1}$, then the Hilbert symbol $(d_1, -m)_\ell = 1$. Therefore, by the proof of
Theorem 1.1, $\sum_{\tau_1} \#S_{n,m}(E(\tau_1)) = 0$, and so each invertible ideal of norm $\ell^{-r}m$ is said to have
weight 0. Now restrict to the case where $m$ and $f_1$ are relatively prime. Since $(d_1, -m)_\infty = -1$,
by class field theory, there exists a finite prime $p \neq \ell$ such that $(d_1, -m)_p = -1$. If $p$ is
inert in $\mathbb{Q}(\sqrt{d_1})$ then this implies that $v_p(m) \equiv 1 \pmod 2$ and thus $\mathfrak{A}(m\ell^{-r}) = 0$ for all $r$.
If $p$ is ramified in $\mathbb{Q}(\sqrt{d_1})$ then $\rho(m) = 0$. So we conclude that if $\ell$ is split in $\mathcal{O}_{d_1}$ then both
sides are 0.

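From now on we assume that the prime $\ell$ does not split in $\mathcal{O}_{d_1}$. Therefore, by §6.4,
for every $[\tau_1]$ of discriminant $d_1$ there exists an integral invertible ideal $\mathfrak{a} = \mathfrak{a}_{\tau_1}$, such that
$\operatorname{End}_{W/\pi^n}(E(\tau_1)) = R_n(\mathfrak{a})$. Furthermore, the elements $\mathfrak{a}_{\tau_1}$ can be chosen in a way that is
compatible with the Galois action; we will assume that this is the case. Since $R_n(\mathfrak{a}) \subset \mathbb{B}_{\ell,\infty}$,
henceforth Tr, N, and disc will refer to the reduced trace, reduced norm, and reduced discriminant,
respectively, in the quaternion algebra. With the identification of $\operatorname{End}_{W/\pi^n}(E(\tau_1))$
with $R_n(\mathfrak{a})$, $S_{n,m}(E(\tau_1))$ consists of elements $[\alpha, \beta]$ in $R_n(\mathfrak{a})$ such that

$$\operatorname{Tr}([\alpha, \beta]) = d_2, \quad N([\alpha, \beta]) = \tfrac{1}{4}(d_2^2 - d_2), \quad \operatorname{disc}(\mathcal{O}_{d_1} \oplus \mathcal{O}_{d_1}[\alpha, \beta]) = m^2,$$

and such that $\mathbb{Z} \oplus \mathbb{Z}[\alpha, \beta]$ in $(\mathbb{Q} \oplus \mathbb{Q}[\alpha, \beta]) \cap R(\mathfrak{a})$ has index a power of $\ell$. Let $t$ denote the trace
of $\tfrac{1}{2}(d_1 + \sqrt{d_1})[\alpha, \beta]^\vee$. Then a calculation shows that $4m = d_1d_2 - (d_1d_2 - 2t)^2$, or equivalently
that $t = \tfrac{1}{2}\left(d_1d_2 \pm \sqrt{d_1d_2 - 4m}\right)$. The values of $\operatorname{Tr}([\alpha, \beta])$ and $\operatorname{Tr}\left(\tfrac{1}{2}(d_1 + \sqrt{d_1})[\alpha, \beta]^\vee\right)$ imply
that $\alpha = \frac{(d_1d_2 - 2t) + d_2\sqrt{d_1}}{2\sqrt{d_1}}$, so $\alpha$ is uniquely determined by $t$. In turn, $t$ is uniquely determined
by $m$ if $4m = d_1d_2$, and otherwise $t$ is determined by a choice of sign. Define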

Si m {E) := {[a,P] G S n , m (E) : Tr (hd, + y/dj[a, /3}A = t} 



2 

where t and m satisfy 4m = d\d 2 — {d\d 2 — 2t) 2 . We will prove that ^ #S , * m (£'(ri)) is a 
weighted sum of integral ideals of norm m/t and if gcd(m, fx) = 1 then ^S^ m (E(ri)) = 
^p(m)2l(£ _r m). The theorem follows easily from this statement given the discussion above. 

Proposition 7.1. Let [a,/3] E R n (&) as above, and define b := fit lr £)a a, where x 



Qn-\„-\ 



if £ is inert in and t = Pq if & is ramified. Then b is an integral invertible 



ideal of with the following properties 

N(b) = m£~\ 

b~t (mod 2Pic(O efl )), 



(7.1) 
(7.2) 



Proof. By the definition of R n (a), we see that /3 G rD 1 aa 1 and since N([a, j3]) = ^(d% — d 2 ] 
we deduce that (3 satisfies 



- (\(d\ — d 2 ) — ota) if £ is inert in O^, 
(\(d 2 — d 2 ) — aa) if £ is ramified in C dl . 



In both cases, the formula simplifies to (3(3 = N(tD 1 )m£ r . From these conditions, it is clear 
that b is integral, invertible, has norm m£~ r , and is equal to x in Pic(C?d 1 )/2Pic(C? ( i 1 ). □ 

We obtain further conditions on the ideal b by using the condition that the index of 
Z © Z[a, /3] in (Q © Q[a, /?]) n i?(a) is not divisible by any prime p ^ £. 

Lemma 7.2. Let p be a prime that divides gcd(m, f 2 ) and does not divide d\. Thenp divides 
the index of Z © Z(j) ac in (Q © Q(f) ac ) H i?(oc) «/ and on/?/ if b C pC^ . 



Proof. It is straightforward to show that a prime p' divides the index if and only if 



d 2 - p'd 2 1 



r/9 



— p'd 2 d±d 2 — 2t + d 2 \fd[ (3 
2p' 2 + 2pWT 1 V 



p'{dxd 2 - 2t) + d 2 y/di /3_ 

p 



e R(a) 



Z p i. 



2p' 2 y/dl 

Consider a prime p satisfying the assumptions of the lemma. Since p divides m and f 2 , 



a 



p{d\d 2 — 2t) + d 2 \fd\ 
2p^/a\ 



did 2 (p 



2tp d 2 d\ + \fd\ 



2p 



V 



e pir 1 . 



If b = /3rDa 1 a C pO dl , then we have that -Ex 1 D 1 aa x , and vice versa. As p \ d x 



this happens exactly when 
dividing the index. 



v ' v 



E (R(a) © Z p ), which, as stated above, is equivalent to p 

□ 



Lemma 7.3. Let p be a prime that divides gcd(m, d±, f 2 ) that does not divide £f\. If b C 
p 3 Od 1 , where p is the unique prime lying over p, then p divides the index of Z © Z(j 



/// 



n R(ac) 



Proof. If b C p Odx, then the same arguments as above show that a' E pD 1 and (3 E 
p 3 r -1 D _1 aa _1 . To show that [a', (3} E p(R(a)®Z p ), we are left to show that v p (a' - A/3) > 2. 
We first prove this when p is odd. Since p \ f±, v v {(3) = v p (X(3) > 3 — v p (d) = 2. Note that 



N(a') 



P 



Given that p\f 2 and p\\di, we have v p (N(a')) > 2 and so v p (a') > 2. By the strong triangle 
equality v p (a' — \(3) > 2. 

Now consider the case when p — 2. As above, we have that v p ((3) > 3 — v p (di), which is 
non-negative. We may rewrite 

Since 2\f 2 , 4 divides {^f — l). Thus, either v p (a'),v p (Xf3) > 2, in which case the proof 
proceeds as above, or v p (a') = v p (X(3). Assume we are in the latter case. Since #C/p = 2, 
we have v p (a' — \f3) > v p (\(3) = v p ((3). This completes the proof unless v p (f3) = v p (a') = 0. 
If v p (f3) = 0, then v p (d\) = 3 and v p {m) = 3. By assumption, (d\, —m) 2 = (d 2) —"1)2 = 1 so 
we must have that % = 1 (mod 8). Thus, N(a') = N(/3) (mod 8). A calculation shows that 
this gives v p (a' - Xf3) > 2. □ 

Together, these two lemmas prove: 

Proposition 7.4. // there exists a prime p|gcd(m, / 2 ), p ^ ^ such that either 

(1) p is inert in O^, or 

(2) gcd(p, j\) = 1 and p is ramified in and v p (m) > 2, 
then S l n m (E{ri)) = for all T\. 

Proof. If p|gcd(m, f 2 ) and p is inert in then any integral ideal b with norm mi~ T will be 
contained in pO^- Thus there are no embeddings of which are optimal at p and thus 
the set S'* !m (£'(ri)) is empty. 

Similarly, if (p, f\) = 1 and p is ramified in O^, with v p (m) > 2, then any integral ideal b 
with norm m£~ r will be divisible by p 3 and again there are no embeddings of Od L which are 
optimal at p. □ 

We have obtained a map from S^ m (E(ri)) to invertible integral ideals in satisfying 
conditions (7.1), (7.2), and the additional conditions: 

b % pO dl , for any p\ (m, f 2 ) , p ^ I, p \ di (7.4) 

b£p 3 C> dl , for any p\ P \(d u m, f 2 ),p ^ £,p \ fx. (7.5) 

Note that the codomain does not depend on a, and hence is independent of T\. Thus, we 
can extend the domain of the map to [J 5*^ m (£'(r 1 )). We draw attention to the fact that 
the codomain of the map is explicitly computable. This follows from the results in §5. 

In the rest of the section, we will prove that for each ideal b that satisfies (7.1), (7.2), (7.4) 
and (7.5), there is an algorithm that computes whether b = fix^QcT 1 a for some (3, a such 
that [a, f3] e R(a) H S 1 * m (E(a)). If so, the algorithm also computes the size of the fiber lying 
over b, i.e. the number of pairs (/3, a) such that the above condition holds. This will show 
that #S , * m (i?(ri)) is a weighted sum on invertible integral ideals, namely each ideal 
satisfying (7.1), (7.2), (7.4) and (7.5) is weighted by the size of its fiber, and every ideal not 
satisfying one of (7.1), (7. 2), (7.4) and (7.5) is weighted by 0. In the case where m is coprime 
to fi, we will show that this weighted sum agrees with the formula given in the statement 
of the Theorem. 

Let b be an invertible integral ideal satisfying (7.1) and (7.2). Since b ~ r (mod 2 Pic(C , ^ 1 )), 
there exists an integral invertible ideal a, well-defined as an element of Pic(Cdi)/ (Pi c (^i))[2]j 
and an element j a G Q(y/di) such that b = 7 a t~ 1 aa~ 1 . (Since Pic(Crf 1 ) is finite, there is an 
algorithm to find a, and thus an algorithm to compute 7 .) For any [c] G Pic((9d 1 )[2], let 
e 7 2/N(c) be a principal generator for c/c, and let j ac := 7 a e^2/N(c). Then b is also equal to 
7 ac t~ 1 ac(ac)~ 1 . Let /3 ac = 7 ac /y / ^i- Since b is integral, /3 ac G rS)" 1 ac(oc)~ 1 . 

By the arguments at the beginning of the proof of Proposition 7.1, we see that if b is the 
image of an element in R(ac), then the element must be of the form 

(gW 2 - 2t) + d 2 \/~d\ 



2v% 

where u G 0% . As a := (A^Qp^/K e £-1 and w/ 3 nc e ^l/jj-i^^^-^ it is left to 



determine 

(1) if a - wA ac /3 ac G and 

(2) if Z © Z0 OC in (Q © Q0 OC ) n R(ac) has index a power of I. 

If both conditions hold, then b is the image of </> oc G i?(oc). 
We first calculate the number of <f) ac satisfying Condition (1). 

Condition (1): Henceforth, we will assume, without loss of generality, that o and c are 

tic 

co\ aclac = u(6f([[M(p)^)/N(c))Kla (mod ID). 



coprime to di. As a result, we have A ac = dink M(p) Vp (^)\ a = \ a (mod di). Thus 



Since a — u\ ac (3 ac G if and only if ayoi — wA ac 7 ac G ID, this in turn occurs if and only if 

a - u(e, 2 ([[M(py^)/N(c))Kl a G 2), 

where a := a^4- Note that N(A a 7 a ) ee N(a) (mod d{) and that we ?2 (n p | c M(p) v ^)/ N(c) 
has norm congruent to 1 modulo di. To complete the proof, we need the following two lem- 
mas. The first lemma shows that, as c ranges over all elements of Pic(O) [2] and u ranges over 
all elements of O x , the element (e^dl p | c M(p)^W)/ N(c))u ranges over all congruences class 
modulo D that have norm congruent to 1 (mod d). The second lemma counts the number 
of such congruence classes which give exactly the transformation required by Condition (1). 

Lemma 7.5. Assume that d < —4 and let O = Od- Then the morphism 

{7 G (C/D) x : N( 7 ) ee 1 mod d] 



Pic(0)[2] 



±1 



that sends [c] t-j- e c 2 JT, M(p) Vp ^/ N(c), where c is any representative coprime to D, is an 
isomorphism. 

Proof. An easy computation shows that the map is well-defined. We will show that the 
groups have the same cardinality, and then show that the map is surjective. The exact 
sequence 

Pic(C)[2] Pic(O) ^4 Pic(C) Pic(C)/2Pic(C) -)• 

shows that #Pic(C)[2] = # (Pic(C)/2 Pic(C)), which by [Cox89, Prop. 3.11 & Thm 7.7] 
is equal to 2 fc ~ 1 (see §5 for the definition of k). Let 7 := 70 + 7i G O be such that 

N(7) ee 7q + d ^ d ~ l ^ 1 ee 1 (mod d). We need to determine the number 7 modulo 2) that 




satisfy this equation. For each odd prime p\d, we have 2 choices for 7 mod D p , namely 
7 = ±1 mod Dp. When p = 2\d we have the following possibilities 

d = 4 (mod 16) 7 = 1 mod T> 2 , 

d=12 (mod 16) 7 = 1, or \(d + Vd) mod D 2 , 

w 2 (d) = 3 or 4 7 = ±1 mod £> 2 , 

v 2 {d) > 5 7 = ±1 mod D 2 or 7 = ~(d + y/d ± V4 + d) mod 2) 2 . 

Note that if v 2 (d) > 5 then 1 + d/A = 1 (mod 8) so \yfl~Td exists modulo 2 W W _1 . This 
case-by-case analysis shows 



# {7 G O/v^ : N( 7 ) = 1 (mode/) J 



and so the quotient by ±1 has cardinality 2 k 1 . 

Proof of surjectivity: Fix a nontrivial 7 := 7o + 7i d+ 2 ^ n the codomain, i.e. 7 is such that 
7q + c?7o7i + 7i ^-f^ = 1 mod d and 7^1 mod Q. Then fix non-zero values of eo, e.\ G Z and 
a positive integer iV coprime to d such that 

d 2 — d d 
e 2 + de ei + e 2 — - — = N 2 , e = iV7o (mod Tr^K )> 61 = ( mod ( 2 ' 

(This is possible because conies satisfy weak approximation.) Define e := (eo + ei d+ ^ ^ , 

Then N(e) = ^^^ j , and since p f e, e must generate a square ideal, say c 2 . Additionally, 

N = N(c)(e ,ei). Therefore, [c] H- 7, thus completing the proof of surjectivity and of the 
Lemma. □ 

Lemma 7.6. Fix a, b G Od- Assume that N(a) = N(6) (mod d). 7/N(a) zs coprime to the 
conductor f of d, then there exists an element c G (9, suc/i t/iat 

N(c) = 1 (mod d) and a - cb G D. (7.6) 

Moreover, regardless of whether N (a) zs coprime to f, if there exists c G (9 satisfying (7.6), 
£/ien £/ie number of such c modulo D equals p rf (a , ai) where a := a + a ^ 4 ^ , 

{2 if d = 12 mod 16, s = t mod 2 "| r . f 00 , , . , , . n 
1 otherwise I k ' 

p d (M) := p- d 2 \s,t) ■ 2* {p ^ {s) ^ d) ^ 2 \ 
Remark 7.7. If N(a) is coprime to /, then pd(ao,ai) has a simpler expression; it is equal to 

2 #{p:p|(d,N(a))}^ 

Proof. First we will prove existence of c in the case where N(a) is coprime to the conductor. 
Write a := a + ai rf+v/ ^ and b := b + b\ d+ ^ . By our assumption on N(a), N(6), we see that 
a 2 = b 2 (mod p^) for all odd p and that a 2 , - \a\ = b 2 - {b 2 (mod 2 V ^). Since N(a) is 
coprime to the conductor, we get that a$ = ±60 (modp"^) for all odd primes. From the 
description of the elements of norm 1 mod d in the proof of Lemma 7.5, it is clear that there 
is a c, with N(c) = 1 (mod d) such that a = be (mod D p ) for all odd p. 

It remains to show that if 2 | d, then there is such a c that satisfies a = be (mod 2)2). The 
norm congruence as well as the co-primality assumption shows 

(1) If d = 12 mod 16, then either ao = ai (mod 2) and 60 = &i (mod 2) (when N(a) = 
(mod 2) or a ^ a x (mod 2) and b h (mod 2) (N(a) = 1 (mod 2)). 

(2) If f 2 (d) = 8, then a = ±6 (mod 4) and a\ = b\ (mod 2). 

The description of possible ceO such that N(c) = 1 (mod d) given in Lemma 7.5 completes 
the proof of existence. 

Henceforth we assume that there exists ac6 such that N(c) = 1 (mod d) and a = be 
(mod 25). Since N(c) = 1 (mod d) we may replace b with 6c and assume that a = b (mod 2)). 

Let $c' = c'_0 + c'_1\frac{d+\sqrt{d}}{2}$ be such that $a \equiv c'b \pmod{\mathfrak{D}}$. Since $a \equiv b \pmod{\mathfrak{D}}$, we must
have $(c' - 1)b \in \mathfrak{D}$ and $N(c') \equiv 1 \pmod{d}$. Therefore for all odd primes $p \mid d$, either $c'_0 \equiv 1 \pmod{p^{v_p(d)}}$
or $v_p(b_0) \ge v_p(d)$, and hence $v_p(a_0) \ge v_p(d)$. So for odd $p$, there are 2 choices for
$c'$ modulo $\mathfrak{D}_p$ if $v_p(a_0) \ge v_p(d)$ and otherwise $c'$ is uniquely determined modulo $\mathfrak{D}_p$.

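Now let $p = 2$. Then we have the following possibilities for $c'$:

$$\begin{array}{ll}
d \equiv 4 \pmod{16}: & c' \equiv 1 \bmod \mathfrak{D}_2 \\
d \equiv 12 \pmod{16}: & \text{either } c' \equiv 1 \bmod \mathfrak{D}_2, \text{ or} \\
 & c' \equiv \tfrac12(d + \sqrt{d}) \bmod \mathfrak{D}_2, \text{ and } a_0 \equiv a_1 \pmod 2 \\
v_2(d) = 3 \text{ or } 4: & \text{either } c' \equiv 1 \bmod \mathfrak{D}_2, \text{ or} \\
 & c' \equiv -1 \bmod \mathfrak{D}_2, \text{ and } v_p(b_0), v_p(a_0) \ge v_p(d) - 2 \\
v_2(d) \ge 5: & \text{either } c' \equiv 1 \bmod \mathfrak{D}_2, \text{ or} \\
 & c' \equiv -1 \bmod \mathfrak{D}_2, \text{ and } v_p(b_0), v_p(a_0) \ge v_p(d) - 2, \text{ or} \\
 & c' \equiv \tfrac12(d + \sqrt{d} \pm \sqrt{4 + d}) \bmod \mathfrak{D}_2 \text{ and } a_0 \equiv 2a_1 \pmod 4.
\end{array}$$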



In the last case, when $v_2(d) \ge 5$, if $a_0 \equiv 2a_1 \pmod 4$ and $v_p(a_0) \ge v_p(d) - 2$, then $c'$ may take
on all values modulo $\mathfrak{D}_2$ that have norm congruent to 1 modulo $d$. This case-by-case analysis
shows that there are ]r d (ao, a\) choices for c modulo 2)2. This completes the proof. □ 

Remark 7.8. The assumption that $N(a)$ is coprime to the conductor in Lemma 7.6 is crucial
for the existence of $c$. Let's assume that $p$ divides the conductor and $v_p(d) = 2$. Then if
$p^2 \mid N(a)$, the congruence $a_0^2 \equiv b_0^2 \pmod{p^2}$ only implies that $a_0 \equiv b_0 \equiv 0 \pmod p$, not that
$a_0 \equiv \pm b_0 \pmod{p^2}$, which is what is needed to prove existence.

Now we return to the proof of the theorem. Recall that we are determining for which
$[\mathfrak{c}] \in \operatorname{Pic}(\mathcal{O})[2]$ we have

(1) a - (e, 2 /N(c)VA a /3 a € O dl , and 

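(2) $\mathbb{Z} \oplus \mathbb{Z}\phi_{\mathfrak{a}\mathfrak{c}}$ in $(\mathbb{Q} \oplus \mathbb{Q}\phi_{\mathfrak{a}\mathfrak{c}}) \cap R(\mathfrak{a}\mathfrak{c})$ has index a power of $\ell$.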

Assume that there exists a $[\mathfrak{c}] \in \operatorname{Pic}(\mathcal{O})$ and $\omega \in \mathcal{O}^\times$ such that (1) holds. Then Lemmas 7.5
and 7.6 show that there are $\rho_d(-t, d_2)$ elements of $\operatorname{Pic}(\mathcal{O})[2]$ and $\frac{w_1}{2}$ choices for $\omega$ such that
(1) is satisfied. (If $d = -3$ or $-4$, then one can easily check this statement and the following
remark directly.) In addition, the proofs of Lemmas 7.5 and 7.6 give an algorithm for testing
whether there exists a $[\mathfrak{c}] \in \operatorname{Pic}(\mathcal{O})$ and $\omega \in \mathcal{O}^\times$ such that (1) holds.

Remark 7.9. If $m$ and $f_1$ are coprime, then the proofs of these lemmas also show that there
does exist a $[\mathfrak{c}] \in \operatorname{Pic}(\mathcal{O})$ and $\omega \in \mathcal{O}^\times$ such that (1) holds.

Condition (2): Now we determine which of these $\frac{w_1}{2}\rho_d(-t, d_2)$ elements also have the
desired index. Condition (2) is satisfied if and only if $\mathbb{Z}[\phi_{\mathfrak{a}\mathfrak{c}}]$ is optimally embedded in $R(\mathfrak{a}\mathfrak{c})$
at every prime $p \ne \ell$.

From the proof of Lemma 7.2, we see that the only primes different from $\ell$ that can divide
the index of $\mathbb{Z} \oplus \mathbb{Z}\phi_{\mathfrak{a}\mathfrak{c}}$ in $(\mathbb{Q} \oplus \mathbb{Q}\phi_{\mathfrak{a}\mathfrak{c}}) \cap R(\mathfrak{a}\mathfrak{c})$ are the primes $p$ that divide $\gcd(m, f_2)$. If $p$ is
such a prime that does not divide $d_1$, then for any preimage of an invertible ideal $\mathfrak{b}$ satisfying
conditions (7.1), (7.2), (7.4), (7.5), Lemma 7.2 ensures that $p$ does not divide the index.
So if the gcd of $m$, $d_1$, and $f_2$ is trivial, then the size of the fiber is equal to the number of
elements satisfying condition (1), which was shown above to be either 0 or $\frac{w_1}{2}\rho_d(-t, d_2)$.

Now consider the case that there exists a prime $p \mid \gcd(m, d_1, f_2)$, $p \ne \ell$. Then we have
$v_p(m) \ge 2$. If $p \nmid f_1$, then Lemma 7.3 shows that $v_p(m) = 2$ and the condition on the index
is equivalent to determining whether

' ( /Aif-w \ a h sn u ' P(did 2 - 2t) + d2>/<h 
a — (e-f/ N(c))uj\ a p a f. pO dl , where a := 



2py/d 1 

Note that the norm of a'yfdl (see (7.3)) and the norm of y/d^u\ a f3 a are both congruent to 
—tm modulo p 2+v p( dl ). This is a stronger congruence than the one between N(a) and N(/3) 
that we used to invoke Lemma 7.6. This stronger congruence allows us to show that exactly 
half of the ^p d {—t,d 2 ) elements of Pic(C)[2] are such that a' - {e-^j N(c))wA a /3 a ^ pO dl - 
(One proves this by using arguments almost identical to those in Lemma 7.6.) Furthermore, 
at each prime, these conditions are independent. So for each prime dividing $\gcd(m, d_1, f_2)$,
the size of the fiber consisting of elements satisfying both Conditions (1) and (2) is divided
in half.

In summary, the number of [c] G Pic(C)[2] and u G 0% that satisfy conditions (1) and (2) 
above is bounded above by ^pa(—t, d 2 )2~^ p ^ m ' dl '^' p ^ e ^ 1 \ with equality if gcd(m, /1) = I. 
If $m$ is not coprime to the conductor (in which case $w_1 = 2$), then the number of $[\mathfrak{c}]$ is either
0, or is of the form $2^k$ with

$\#\{p : p \mid \gcd(m, d_1),\ p \nmid f_1 f_2\} \le k \le v_2(\rho_d(-t, d_2)) - \#\{p \mid \gcd(m, d_1, f_2),\ p \nmid f_1\}$.

This proves that ^ n ^S^ m (E(ri)) is a weighted sum of ideals with a fixed norm, and the 
proof gives an algorithm for computing this weighted sum. 

From now on assume that $\gcd(m, f_1) = 1$. So far we have shown that

E^U^O) = 21+ Xfct^/l^i -*{^°-- ( 7 -!)> ( 7 - 2 )> ( 7 - 4 )> ( 7 - 5 )} 

Tl 

Note that it follows from Corollary 5.2 that an ideal b of norm £~ r m satisfies b ~ r 
(mod 2Pic(Od 1 )) if and only if ^e(m£~ r N(r)) = 1. In particular, either all ideals of norm 
£~ r m satisfy (7.2), or none do. Therefore 



# {b C O : satisfying (7.1), (7.2), (7.4), (7.5)} 



f%r) if $ e (m£- r N(t)) 
otherwise. 



1 



By the definition of q in §6, ml r N(t) = — m in Z//1Z. Since m is coprime to fx, —m is 
congruent to a non-zero square modulo fx and so \& p (— m) = 1 for all (Recall from §5 
that if p\di and p\ fi, then ^> p (—m) = (d±, —m) p .) Therefore

# {b C O : satisfying (7.1), (7.2), (7.4), (7.5)} 

By Remark 7.7, we know that 

wip d (-t, d 2 ) 




if p(m) 7^ 0, 
otherwise. 



2l+#{p|gcd(m,d 1 ,/ 2 ),p^} 

which completes the proof. 



^1 2 #{p|gcd(m,d 1 ):^/ 2 or p=£} 

2 



□

Proposition 7.10. Fix a prime $\ell$ and a positive integer $m$ of the form $\frac14(d_1d_2 - x^2)$. Assume
that $m$ and $f_1$ are coprime. Then



p(m)2t(r r m) = e e (r r m) 

p\m,p^£ 



1 + v p (m) 
2 

|(1 + (-1)«pM) 

2 
1 




P 
di 



= -l,pt/2, 

pMi, (rfi, -m) p = l,p|/ 2 ,v p (m) = 2 
otherwise, 



where $\varepsilon_\ell(N) = 0$ if $N$ is not an integer or if $\ell \nmid d_1$ and $v_\ell(N) \equiv 1 \pmod 2$, $\varepsilon_\ell(N) = 2$ if $N$
is an integer and $\ell \mid d_1$, and $\varepsilon_\ell(N) = 1$ otherwise.



Proof. Recall that 
p(m) = 



if (di, —m) p 

2#{p\scd(m,d 1 ): P \f 2 or P =£} otherwise 



1 for p\di,p ^ ld\ 



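$$\mathfrak{A}(N) = \#\left\{ \mathfrak{b} \subseteq \mathcal{O}_{d_1} : \begin{array}{l} N(\mathfrak{b}) = N,\ \mathfrak{b} \text{ invertible}, \\ p \nmid \mathfrak{b} \text{ for all } p \mid \gcd(N, f_2),\ p \nmid \ell d_1, \\ \mathfrak{p}^3 \nmid \mathfrak{b} \text{ for all } \mathfrak{p} \mid p \mid \gcd(N, f_2, d_1),\ p \ne \ell \end{array} \right\}$$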

If $\ell^{-r}m$ is not an integer, then one can easily see that both sides are 0. One can also check
that both sides are if v^im) = (mod 2) and £ \ d\. So we may assume that Vi(m) > r 
and that if ve(m) = (mod 2) then £\d\. 

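Under these assumptions, it is an exercise to show that the number of invertible integral
ideals $\mathfrak{b}$ of norm $\ell^{-r}m$ is equal to

$$\prod_{p \mid m,\ p \nmid \ell d_1} \begin{cases} 1 + v_p(m) & \text{if } \left(\frac{d_1}{p}\right) = 1, \\ \frac12\left(1 + (-1)^{v_p(m)}\right) & \text{if } \left(\frac{d_1}{p}\right) = -1. \end{cases}$$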

If we impose the condition that p \ b for all p\gcd(m£~ r , f 2 ),p \ £d\, then for any p\f 2 ,p\ d\£ 
the local factor becomes if p is inert in and 2 if p is split. If we additionally assume 
that p 3 \ b for all p|p|gcd(£ _r m, f 2 , d±),p ^ £, then we introduce a local factor at p that is 
when p\di, p £ and v p (m) > 3. In summary, we have

+ (-l)^N) 



2l(r r m) = 

p\m,pj^l 



Vp(mj + 1 



if 


\P J 






if 


( di^ 
\P J 


= ~hP 1 f2, 




if 


( di^ 




(7.7) 


if 


( 

\ P J 


= 1,P 1 /2, 





,max (0, 3 - v p (m)) p\(d u f 2 ). 

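It is clear from the definition of $\rho(m)$ that

$$\rho(m) = \prod_{p \mid \gcd(d_1, m)} \begin{cases} 0 & \text{if } (d_1, -m)_p = -1,\ p \ne \ell, \\ 1 & \text{if } (d_1, -m)_p = 1,\ p \mid f_2, \\ 2 & \text{if } (d_1, -m)_p = 1 \text{ and } p \nmid f_2, \text{ or } p = \ell. \end{cases}$$

Combining this expansion with (7.7) completes the proof. □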

8. Relating $S_n^{\mathrm{Lie}}$ to $S_n$

We retain the notation from the previous sections. In this section we prove the following 
proposition. 

Proposition 8.1. Assume that $d_1$ is fundamental at $\ell$ and that either $\ell > 2$ or $\gcd(d_1, d_2)$
is odd. Fix $[\tau_1]$ of discriminant $d_1$.
Then if $\ell \mid f_2$, we have:
<-> 



n=l 

and if $\ell \nmid f_2$, we have:



^ #S n (E(n) I A) - \ e ^ Si{E{Ti)/w) if ^ 



#^ Lic (^(n)M) 



| En #S n (£(n)/W) if ^Mi or £ f d 2 , 
E„#5n(^(ri)/W) if£R,£|ci 2 . 



Proof. Write for E(t\). Let O € Sk(E/A) \ Sk + i jC [ 2 (E/A). The element O is contained 
in S^ ie for some n < k if c(0o) = ^ mod /i n and c(0o) = $ mod /i, where c denotes the map 
from End A/fl k(E) to Lie A/ y=(£) = (Recall that O = ^~ S2 0o + §d 2 (l - f 52 ) mod //.) 

By the theory of complex multiplication, we know that $c([\alpha, 0]) = \alpha$ for any $\alpha \in \mathcal{O}$. Since
$c$ is a homomorphism, we have

(c(0 o ) - 5)(c(<$) - 5) = 1(4 - d 2 ) - d 2 5 + 5 2 = 0, 

and similarly for O and Therefore, at least one of 0o 5 0o i s i n Both are contained 

in S^ ie if and only if c(0o) = c (0o) ( m °d A 4 )- If c (0o) ^ c (0o) ( m °d A*)) then we may also 
conclude then exactly one of 0o, 4>q is in S^ 1C for any n < r. In addition, if £|/ 2 and either 
i = 2 or £ \ d±, then S, 5, c(0o); c(0o) are all contained in the maximal ^-unramified extension 
of H 2il j, 2 . Thus, if c(0o) = 5 mod /i, then the congruence holds modulo ^ min ( e2 > fc ). So if 
#Sl ie '(E/A) = JfS^E/W), then #S% io (E/A) = #S 1 (E/W) for all n < e 2 . 
To conclude anything further, we must determine a more complete description of c. Since
c factors through the formal group, we will consider elements in IB>£ i00 D TL^ ® End^/^^E). As 



in §7, let t := Tr([(di + y5i)/2,0] • 0q). Since 0o £ End^/ /i (£') ) using arguments similar to 
those in §2 and §7 we prove that £ S2 \t and 4£ 1+2s2 |(gW 2 - {d\d 2 - 2t) 2 ). 

By definition of S n and S n m and the arguments at the beginning of §7, we have 



t 







(d 2 - O ) + 00 



i(4 







where i = | (rfic?2 ± \J d\d 2 — 4m) . Since c is a homomorphism and Lie(i?) is commutative, 



this gives 



did 2 — 2t + d 2 \fd[ 



A similar computation with O gives 

- d x d 2 - 2t + d 2 l S2 * 



Ok 



2£ S2 



in A/fi n . 



in A/fi n ,n < e 2 . 



The rest of the proof will break into cases depending on whether $\ell$ divides each of $d_1$, $d_2$. The
case when $\ell = 2 \mid d_1$ will also be treated separately. In each case, the argument consists of
computing $c(\phi_0)$ and then using a series of valuation arguments to conclude the result. Each
step is straightforward, but the whole argument is rather involved, so we give the details for
the readers' convenience.

If £ \ di, then we may divide by \fd\ and obtain an expression for c(0o) an d c(4>o)- 
If Vi(d 2 /A) = 1, then v^(S) ^ ^(c(0 o )), so c(0 o ) = 5 (mod fi n ) if and only if they are 

both contained in /i n or, equivalently, n < m.in(v fl (t£~ S2 ),v fl ('\Jd~ 2 /2)). In particular, the 

congruence holds for n < e 2 . Thus, iii\d 1 and ^(d 2 /4) > 0, then #S n (E/A) = #S^ ic (E/A) 
for n < e 2 . Since S n {E/A) = S^E/W), we have 

^#S n Lic (£/A) = e 2 #5 1 (£/W). 



n=l 



Moreover, if l\ f 2 , then £ n #S? e (E/A) = ftS^E/W). In addition, S n (E/W) = because 
^(i^da - x 2 )) < 1 for any x G Z.^Therefore, £ n 4S^ e {E/A) = £ n #S n (E/W). 

Now suppose that £ = 2 and 4||rf 2 - Then c(4>o) = tj\fd[ = —tj\fd\ = c(0q) (mod /i). If 
we further assume that 2 \ f 2 , then c(0 o ) = —tj\fd\ (mod /z 2 ) and <5 = \fd~ 2 j2 (mod /x 2 ). In 
addition ^- — <i 2 4 is congruent to 2 modulo 4, so c(0 o ) ^ 5 (mod /i n ) for any n > 1. Thus, 
we obtain the same conclusions as in the previous case. 

If I \ di, it remains to consider the case when l\d 2 . In this case c(4>o) ^ c (0o) ( m °d fi), 
and thus = ^S n ,d 2 f° r an n ^ *^ f /2 an d f° r n < e 2 otherwise. 

Now consider the case where £\d\ and £ ^ 2. Then ii £ \ f 2 , A = W. Regardless of whether 
f 2 , we still have the equality 

d\ + 



in A/ iT. 



However, since a/37 = mod /i, this no longer determines c(4>o) in Aj /A Let a, /3 E Q(\/di)n 
such that $\phi_0 = [\alpha, \beta]$. We can express $\phi_0$ as $[\alpha, 0] + [\beta, 0] \cdot [0, 1]$. Recall that $[0, 1]^2 = -q$
for $q$ a prime (see §6 for the description of $q$); this implies that $c([0, 1]) = \pm\sqrt{-q}$. Thus
$c(\phi_0) = \alpha \pm \sqrt{-q}\,\beta$

= — = (did 2 — 2t + d 2 \Jd~\\ ± y/—qfi, and 
2vdi V / 



c(0o) 



d x d 2 -2t + d 2 f 2 V di ± v^/?^ 



We further assume that £ f d 2 . Since vi{d\d 2 — (d\d 2 — 2t) 2 ) = 1 + 2s 2 , by the arguments 
in §7, S n (E/W) = for n > 2 + 2s 2 . Since O G Si +2s2 (£/W), 

1 



ci</>oJ 



S2 Vd7 



(did 2 - 2t) ± 2y/=q/3t 



must be a /i-adic unit. This together with many of the previous arguments establishes: 
J2^ ic (E/A) = ^T^ ic (£/W) = ±52#S n (E/VT) = ^(E/W), 

n n n 

when £\ f 2 . If £\f 2 then the above shows YTn=i S n'\ E / A ) = h#Si(E/W). 

Now suppose that £\d 2 . This implies that vi[d\d 2 — [d\d 2 — 2t) 2 ) > 2 + 2s 2 , and hence that 
> 0. Thus c(0 o ) = c($) (mod //) and so #S\ ie {E/A) = #Si(£/W). If £\f 2 , by the 
argument at the beginning of the proof, we have Yln=\ ^^^{E / A) = e 2 #5 , ^ ie (£ , /W). Now 
consider the case where £ \ f 2 . Then \fd 2 fd[ is a /i-adic unit and v^(/3) > max(l, k — 1). We 
rewrite c(0o) — 5 as 



did 2 _ 2t \d 2 



d\ 



±V~q 

d\ y/di 



(3-(3\^d 



Note that + /3) and the coefficient of y/d[/2 both lie in an unramified extension of 
thus have even /x-adic valuation. Therefore, c(4>q) — 5 is modulo /i n if and only if 



n 



V i \n(P + P))> 7T> and 



d 1 d 2 -2t fd^ ^^—(3 -'(3 
d\ V di -y/dY 



> 



n — 1 



2 ' 



and c(0q) — 6 is modulo /i n if and only if 



ii 



ve [«(P + P)) > «> and vt 



d x d 2 -2t [dk . . — /3 - '/3 
~~ ; 5 — + V T ± v -q—fr 

d\ V «i v«i 



> 



n — 1 



If fc is even then (|(/3 + /?)) > k — vi(d\) and w M (|(/3 — /?)) = k — vt(di). Now consider 
the product 



d x d 2 - 2* 



da 



di vdi 



P~P \ I did 2 - 2t 



da 



^2 , ^0-/3 



V «i v"i 



d? 
-1 

: df 



(did 2 - 2t) 2 ± (did 2 - 2t)2v^v^i(/9 - /?) - 9<W - /?) 2 - did 2 
(d^ 2 - (d x d 2 - 2t) 2 ) t {did 2 - 2t)2 v ^ v /rf T(/ 3 ~P) + Qdi{P - W 




If k > vi(d\d 2 /A), then the middle term has valuation | — 1 which is strictly less than 
the valuation of the first and last term. Thus we must have n < k. If k = v{d\d 2 /4) 1 
v(2t) = v(di), then all three terms have valuation 0. By the choice of q specified in §6, 
\f—q Qe- Thus, the valuation of the product is 0, so n = 1 < 2 = k. Now consider the case 
where k < v(did 2 /4) or v(2t) >. Then the first and last terms have the same valuation, and 
the valuation of the middle term is strictly greater. Using the relation aa + q(3(3 = \(d 2 — d 2 ), 
we are able to show that {d x d 2 - (d^ 2 - 2t) 2 ) £ -qd^fd - /3) 2 modulo fM'&H 1 . Therefore 
n = 1 < 2 = k. 

If k is odd, then t> M (/3 + /3) = \{k — 1) and v fl (f3 — f3) > k. The first equality gives 
k > n. From this, one can easily check that the valuation of the product is at least ^(n — 1). 
Therefore #^ ie = |#S n+M2 for n > 1. Since v,{\{d x d 2 - (d,d 2 - 2t) 2 )), #S Ma = #S 242 . 
Combined with the previous result that #Si™ 2 = #iSi,d 2 , we obtain J2 n T^n' = J2 n i^^n- 

It remains to consider the case when I = 2, d\ = (mod 4), and d 2 = 1 (mod 4). Let 

A = A a where a C O is the invertible ideal corresponding to E as described in §7. Then 

the formal group of E; write rj for the image of this element under 

c. Let a, (3 G Q(y/d~i) PI C^j such that O = [c*,/?]. We can express O as — A/3,0] + 
^wCdO-^O] . [ A7r i-ta(di) j7r i-ta(di)]_ Then 

C (0 O ) = « - A/3 + f3n v ^ ) ~ 1 r t 

= —= (d x d 2 -2t + d 2 y/(h) - A/3 + ^t^ 2 ^" 1 , and 

2^6?! V / 

c(0 o ) = - 1 7= (did 2 -2t + d 2 t*^h) - A/3r S2 + pr s *<K v ^~\ 

so c(0 o ) - c(^) = j^=(did 2 - 2t) - 2Xf3£~ S2 + 2fil S2 v V2 ^- 1 . Since the 2-adic valuation 
of \[d\d 2 — [d\d 2 — 2t) 2 is 1 + 2s 2 , the 7r-adic valuation of (3£~ S2 is 1 — v 2 (di). If di = 
(mod 8), then v 2 {t) ^ 1 + s 2 jo c(0 o ) - c($Q = -2A/3£~ S2 ^ (mod /it). If d 1 = 4 (mod 8), 
then v 2 {t) = s 2 so c(0 o ) — c (0o) = —2tl~ S2 j \fd\ 7^ (mod //). This completes the proof. □ 